Aerosol Posted March 23, 2015

Python Registry Parser

The idea of this started out as one to duplicate Microsoft's autoruns tool to the extent possible with only offline registry hives. Then I started adding extra non-autorun(ish) registry keys and then it turned into more of a Windows Registry parser; hence the name change from autoreg-parse to python-regparse. I'm terrible at naming scripts/tools so this will have to suffice.

I wrote about it here on my blog: https://sysforensics.org/2015/03/python-registry-parser.html

Purpose/Reason

I didn't like the output of other tools.
I wanted to learn to write better Python code.

Output

This was a sticky point I had with alternative tools, and realizing this I thought hard and came to the conclusion if I want a tool that doesn't have messy output I'm going to have to make it custom user defined output, and then provide a fallback template file if a custom output isn't defined via the command line. This will likely turn some people off from using this tool, but I think it's the best way forward.

I suggest taking a look here for some output examples: https://sysforensics.org/2015/03/python-registry-parser.html as it's not as complex as it may sound. Even for non-coders it's easy.

How to Install

Install Python 2.79
Install https://pypi.python.org/pypi/setuptools
sudo pip install python-registry
sudo pip install jinja2
wget https://github.com/sysforensics/python-regparse/blob/master/yapsy_mods/yapsy-master.zip
Unzip it
cd yapsy-master/package/
sudo python setup.py build
sudo python setup.py install
wget https://github.com/sysforensics/python-regparse/archive/master.zip
Unzip
Put it where you want, and then enjoy!

I've tested/used on OSX, Windows and SIFT 3.0. If pip doesn't work for you try easy_install.

Link: https://github.com/sysforensics/python-regparse