RegRipper - How do you use it?

Discussion in 'backup, imaging & disk mgmt' started by Searching_ _ _, Jul 14, 2010.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    RegRipper will parse a registry hive file for specific information.
    It doesn't work on a live hive file on a running system.
    It will work on an image file or a mounted drive like Mount Drive Pro.

    How do I get an image of just the registry hive to run RegRipper on?

    Since RegRipper doesn't look for information in the file system I don't want to make a byte for byte copy of the entire HDD just to scan the registry.

    Will it work on RegShot Images?

    RegRipper

    Regshot
     
    Last edited: Jul 14, 2010
  2. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    No, but it does work with ERUNT and Registry Workshop images.
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I gave it a run against the Erunt Hive.

    rrPOC seems to do a pretty good job with it's default plug-ins (all.adv).
    It doesn't run any additional plug-ins.
    It's report lay out is decent could be better.

    rr20080909 doesn't seem to function well and haven't figured out why.
    Running the program creates a report that is huge, 218kb with 80+ plug-ins.
    With just 1 plug-in it generated a report of 422kb.

    Have you seen this behavior in RegRipper?
     
  4. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I see pretty much the opposite. If I run all plugins against the SOFTWARE hive, the report size is 14 MB; if I use only the software plugin, the size is 14 KB.

    I haven't done a side-by-side plugin comparison, but RegExtract is a nice alternative to RegRipper. It only works with ERUNT hives. Its report layout is better than RegRipper's.
     
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    RegExtract crashed on Vista. I was unable to run a scan.
     
  6. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I used it today on 7 32-bit with no problems. Did you use the Windows installer or the cross-platform Mono version? I used the Windows installer version.
     
  7. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I used the windows installer version also.

    I don't think it was the program itself. I will have to try again when I can solve my issues.
     
Loading...
Thread Status:
Not open for further replies.