RegLookup

The RegLookup project is devoted to direct analysis of Windows NT-based registry files. RegLookup is released under the GNU GPL, and is implemented in ANSI C. RegLookup provides command line tools, a C API, and a Python module for accessing registry data structures. The project has a focus on providing tools for digital forensic examiners (though is useful for many purposes), and includes algorithms for retrieving deleted data structures from registry hives. Browse the project's goals to read up on the objectives of future releases.

You may download the latest release, or grab the latest code out of our source repository. Prior to installation, you may want to check out RegLookup's dependencies. Also, we have some links posted to some other, similar projects. Finally, the latest updates on the project status can be found on our news page.

Check out the credits for a list of contributors to the project. If you are interested in contributing, please check out the project goals page first, and then check out the newest version with:

  svn co https://code.blindspotsecurity.com/dav/reglookup/

(Sorry, svn commit access isn't available. Please post any patches you have in a ticket or to the mailing list, and I'll review/commit them manually.) You may also be interested in the API documentation for regfi and pyregfi.




Content on this page, unless otherwise indicated, is © 2002-2015 Sentinel Chicken Networks.
Reproduction is authorized under our terms.