In Chapter 4 in Windows Forensic Analysis DVD Toolkit, 2nd Edition
Download the RegRipper suite of tools at: (50 points)
https://github.com/keydet89/RegRipper2.8
Or
https://code.google.com/archive/p/regripper/downloads
(you may also download the sample hives “samples.zip” for this practice), and download the RegRipper supplemental plugins at:
https://storage.googleapis.com/google-code-archivedownloads/v2/code.google.com/regripper/plugins20130429.zip.
Find related documents on the installation and user guidance; then practice by selecting at least eight examples of Registry analysis from page 181 to the end of chapter 4.
You may utilize the sample hive files at https://storage.googleapis.com/google-code-archivedownloads/v2/code.google.com/regripper/samples.zip.
Please check the path of regripper and the path of regripperplugins. Your commands may not be the same as the examples shown in the textbook (e.g., the command on page 179 C:\Perl\forencis\rr\rip.pl -r d:\cases\vista\software Plugins Dir= C:\Perl….), because you may have different directory names holding the regripper, the plugins, and the sample hive files.
Please write down the commands you use to execute these exercises, including the paths to regripper and the plugins, and the output (analysis results) produced by these commands. You may provide screen captures as results for these questions.
XP NTUSER.DAT
**********************
Win 7 & Win 8
GUI
The Registry Ripper, or RegRipper for short, is not a Registry hive file viewer.
If you have any doubt, then please ask me without any hesitation in the comment section below. If you like my answer, then please thumbs up for the answer. Before giving thumbs down, please discuss the question; it may be possible that we understand the question in a different way, and I can edit and change the answers if you argue. Thanks :)
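A pre-flight check for the path problem the assignment describes, as an added example that is not part of the original question or answer: it confirms that `rip.pl`, each plugin file, and the hive are where you think they are, verifies the hive's `regf` signature, and only then builds the `rip.pl -r <hive> -p <plugin>` command lines. The function names and the directory layout (a `plugins` folder beside `rip.pl`) are assumptions, and the files in the demo are constructed stand-ins, not real hives.

```python
import struct
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path


def hive_last_written(hive):
    """Check the 'regf' magic at offset 0; return the FILETIME stored at offset 12."""
    with open(hive, "rb") as fh:
        block = fh.read(20)
    if len(block) < 20 or block[:4] != b"regf":
        raise ValueError(f"{hive} is not a Registry hive (no 'regf' signature)")
    filetime = struct.unpack_from("<Q", block, 12)[0]  # 100 ns ticks since 1601-01-01
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=filetime // 10)


def rip_commands(rr_dir, hive, plugins, perl="perl"):
    """Return one argv list per plugin, failing early on any wrong path."""
    rr_dir, hive = Path(rr_dir), Path(hive)
    rip = rr_dir / "rip.pl"
    if not rip.is_file():
        raise FileNotFoundError(f"rip.pl not found in {rr_dir}")
    if not hive.is_file():
        raise FileNotFoundError(f"hive file not found: {hive}")
    hive_last_written(hive)  # raises ValueError if the file is not a hive
    commands = []
    for name in plugins:
        # Assumed layout: plugins live in a 'plugins' folder next to rip.pl
        if not (rr_dir / "plugins" / f"{name}.pl").is_file():
            raise FileNotFoundError(f"plugin {name}.pl not found in {rr_dir / 'plugins'}")
        commands.append([perl, str(rip), "-r", str(hive), "-p", name])
    return commands


if __name__ == "__main__":
    # Constructed layout: empty stand-in scripts and a 4 KiB file with a hive header
    base = Path(tempfile.mkdtemp())
    (base / "plugins").mkdir()
    (base / "rip.pl").write_text("# stand-in\n")
    (base / "plugins" / "winver.pl").write_text("# stand-in\n")
    sample = base / "software"
    header = b"regf" + b"\x00" * 8 + struct.pack("<Q", 116444736000000000)
    sample.write_bytes(header.ljust(4096, b"\x00"))
    print("last written:", hive_last_written(sample))
    for argv in rip_commands(base, sample, ["winver"]):
        print(" ".join(argv))
```

Point `rr_dir` and `hive` at your own RegRipper folder and extracted sample hives, then copy the printed command lines into your write-up next to their output.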