Windows Registry and RAM Collector (W2RC)

This tool was designed for research in the field of Digital Forensics.

This prototype tool is the user client of the Ransomware Readiness Framework (RRF) (see Publications below). Significant setup is needed before the analysis and storage engine is up and running; the installation guide can be found under the W3RS setup. This tool relies on that setup and acts only as a user client: it captures new processes and sends them for analysis.

Installation

NB: SINCE THIS IS A PROTOTYPE, WHEN TESTING MALICIOUS SAMPLES PLEASE USE THIS TOOL ONLY WITHIN A VM.

Install the MSI file W2RC-1.X-amd64.msi

Install OpenSSL

Usage

A Desktop icon is created by the installer; double-click it to launch the program. Run the tool with administrator privileges. After installation you will need to provide the IP address or domain name of the analysis and storage machine, as well as its port. Below is a screenshot of the tool.
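The install and usage steps above boil down to four preconditions: an elevated session, OpenSSL on PATH, a reachable analysis/storage host and port, and (per the NB above) a VM rather than a production host. The following pre-flight check is an added example written for this page; it is not part of the W2RC project or the RRF setup. The host name `analysis.example.local` and port `8443` are placeholders for whatever you configured in the W3RS setup, and the VM detection is a vendor-string heuristic, not proof.

```powershell
# Pre-flight check before launching the W2RC client (added example, not W2RC code).
# Verifies the README's preconditions: elevated session, OpenSSL on PATH,
# reachable analysis/storage machine, and that this host looks like a VM.
# Host and port are assumptions; replace them with your own RRF settings.
param(
    [string]$AnalysisHost = "analysis.example.local",  # assumption: your analysis/storage machine
    [int]$AnalysisPort    = 8443                        # assumption: the port you configured
)

$results = [ordered]@{}

# 1. Administrator privileges: the tool must be run elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$results["IsAdministrator"] = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# 2. OpenSSL installed and resolvable on PATH.
$openssl = Get-Command openssl.exe -ErrorAction SilentlyContinue
$results["OpenSslFound"] = [bool]$openssl
if ($openssl) { $results["OpenSslVersion"] = (& $openssl.Source version) }

# 3. The analysis/storage machine accepts TCP connections on the configured port.
# TcpClient is used instead of Test-NetConnection so this also works on older Windows.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($AnalysisHost, $AnalysisPort)
    $results["AnalysisHostReachable"] = $client.Connected
} catch {
    $results["AnalysisHostReachable"] = $false
} finally {
    $client.Close()
}

# 4. VM check: hypervisor vendor strings in the SMBIOS manufacturer/model fields.
# A cheap heuristic only; a hardened or unusual VM may not match any of these.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$vmMarkers = 'Virtual', 'VMware', 'VirtualBox', 'QEMU', 'Xen', 'KVM', 'Hyper-V', 'Parallels'
$results["LooksLikeVm"] = [bool]($vmMarkers | Where-Object { "$($cs.Manufacturer) $($cs.Model)" -match $_ })

# Print the summary table, then warn on anything that blocks a safe run.
$results.GetEnumerator() | ForEach-Object { "{0,-22} {1}" -f $_.Key, $_.Value }

if (-not $results["IsAdministrator"])       { Write-Warning "Re-run from an elevated PowerShell before starting W2RC." }
if (-not $results["OpenSslFound"])          { Write-Warning "OpenSSL not found on PATH; install it before starting W2RC." }
if (-not $results["AnalysisHostReachable"]) { Write-Warning "Cannot reach ${AnalysisHost}:${AnalysisPort}; check the analysis/storage setup and firewall." }
if (-not $results["LooksLikeVm"])           { Write-Warning "This host does not look like a VM. Do not run malicious samples here." }
```

Run it as `.\preflight.ps1 -AnalysisHost <host> -AnalysisPort <port>` from the same elevated session you will launch W2RC from. `Get-CimInstance` needs PowerShell 3.0 or later; on Windows 7 or XP with PowerShell 2.0, substitute `Get-WmiObject -Class Win32_ComputerSystem`.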

Testing environments

  • Windows 10
  • Windows 8.1
  • Windows 7
  • Windows XP

Contributing

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request :D

Wanted

  • Bug reports.
  • Feedback.

License

MIT License

Publications

  • A. Singh, A. R. Ikuesan, and H. S. Venter, "Digital Forensic Readiness Framework for Ransomware Investigation," in Digital Forensics and Cyber Crime, 2019, pp. 91–105.

  • A. Singh, A. R. Ikuesan, and H. S. Venter, "A context-aware trigger mechanism for ransomware forensics," in 14th International Conference on Cyber Warfare and Security (ICCWS 2019), 2019, pp. 629–638.