Autopsy Module to analyze Registry Hives based on bookmarks provided by EricZimmerman for his tool RegistryExplorer
- Tested Autopsy version: 4.18.0+
- Supported OS: Windows
- License: GNU General Public License Version 3
- Analyse Registry hives based on bookmarks provided by EricZimmerman
- Ability to analyze registry hives independently without the need to load a full disk image
- Categorize Keys according to their usage
- Analyze transaction logs and determine whether the Registry Hive is dirty or not.
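The dirty-hive check named in the last feature can be illustrated with the following added example, which is not the module's own code. It assumes the commonly documented `regf` base block layout (primary and secondary sequence numbers at offsets 4 and 8, XOR-32 checksum at offset 508); the function names and sample headers are constructed for illustration.

```python
import struct

REGF_SIGNATURE = b"regf"
CHECKSUM_OFFSET = 508  # the checksum covers the first 508 bytes of the base block


def xor32_checksum(header: bytes) -> int:
    """XOR-32 over the first 508 bytes; the two reserved results are remapped."""
    checksum = 0
    for (dword,) in struct.iter_unpack("<I", header[:CHECKSUM_OFFSET]):
        checksum ^= dword
    if checksum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if checksum == 0:
        return 1
    return checksum


def hive_state(header: bytes) -> dict:
    """Report sequence numbers, checksum validity and the resulting dirty flag."""
    if len(header) < 512 or header[:4] != REGF_SIGNATURE:
        raise ValueError("not a regf base block")
    primary_seq, secondary_seq = struct.unpack_from("<II", header, 4)
    (stored,) = struct.unpack_from("<I", header, CHECKSUM_OFFSET)
    checksum_ok = stored == xor32_checksum(header)
    return {
        "primary_seq": primary_seq,
        "secondary_seq": secondary_seq,
        "checksum_ok": checksum_ok,
        # A write that never completed leaves the sequence numbers unequal.
        "dirty": primary_seq != secondary_seq or not checksum_ok,
    }


def build_sample_header(primary_seq: int, secondary_seq: int) -> bytes:
    """Constructed 512-byte base block (sample data, not taken from a real hive)."""
    header = bytearray(512)
    header[0:4] = REGF_SIGNATURE
    struct.pack_into("<II", header, 4, primary_seq, secondary_seq)
    struct.pack_into("<I", header, CHECKSUM_OFFSET, xor32_checksum(bytes(header)))
    return bytes(header)


if __name__ == "__main__":
    for label, hdr in (("clean", build_sample_header(5, 5)),
                       ("dirty", build_sample_header(6, 5))):
        print(label, hive_state(hdr))
```

A hive reported as dirty has pending changes that live only in its transaction log files, so values parsed from the primary file alone may be stale.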
git clone https://github.com/0xMohammed/Autopsy-Registry-Explorer.git
Copy the Module folder to 'C:\Users\{Username}\AppData\Roaming\autopsy\python_modules'
Autopsy discussion group
Transaction logs analysis
Sleuthkit API Reference
Python Registry Parser