Windows Registry and RAM Collector (W2RC)
This tool was designed for research in the field of Digital Forensics.
This prototype tool is the user client for the overall Ransomware Readiness Framework (RRF) (publications below). Significant setup is required to get the analysis and storage engine up and running. The installation guide can be found under the W3RS setup. This tool relies on that setup and acts only as a user client that captures new processes and sends them for analysis.
NB: SINCE THIS IS A PROTOTYPE, WHEN TESTING MALICIOUS SAMPLES PLEASE USE THIS TOOL WITHIN A VM.
Install the MSI file
A desktop icon will be visible after the installation; double-click it to launch the program. Please run the tool with administrator privileges. After installing the tool, you will need to provide the IP address or domain name of the analysis and storage machine, as well as the port. Below is a screenshot of the tool.
- Windows 10
- Windows 8.1
- Windows 7
- Windows XP
- Fork it!
- Create your feature branch: `git checkout -b my-new-feature`
- Commit your changes: `git commit -am 'Add some feature'`
- Push to the branch: `git push origin my-new-feature`
- Submit a pull request :D
- Bug reports.
A. Singh, A. R. Ikuesan, and H. S. Venter, “Digital Forensic Readiness Framework for Ransomware Investigation,” in Digital Forensics and Cyber Crime, 2019, pp. 91–105.
A. Singh, A. Ikuesan, and H. Venter, “A context-aware trigger mechanism for ransomware forensics,” 14th Int. Conf. Cyber Warf. Secur. ICCWS 2019, pp. 629–638, 2019.