Woany Blog

The inspiration for RegExtract came totally from the excellent RegRipper, created by the very knowledgable Harlan Carvey, who is the author of the excellent Windows Forensic Analysis book (I have got the 2nd edition on pre-order).

I have written my own binary Windows registry parser that is to be used in a number of forensic applications. I needed a good test bed and what better than to compare the results with RegRipper, so I have implemented all of the plugins available with RegRipper plus a few more. There is currently at least 65 plugins. You can run an individual plugin against a registry hive or select a registry hive and run all plugins applicable to the input registry hive. I will be adding the ability to run the plugins against the hive located in the System Restore (again another idea from RegRipper).

Download here.