Windows Registry and RAM Collector (Python)
Windows Registry and RAM Collector (W2RC)

This tool was designed for research in the field of Digital Forensics.

This prototype tool is the user client for the overall Ransomware Readiness Framework (2RF) (publications below). Significant setup is needed before the analysis and storage engine is up and running. The installation guide can be found under the W3RS setup.

Installation

NB: SINCE THIS IS A PROTOTYPE, WHEN TESTING MALICIOUS SAMPLES PLEASE USE THIS TOOL WITHIN A VM.

Install the MSI file W2RC-1.X-amd64.msi

Install OpenSSL

Usage

A desktop icon will be visible after installation; double-click it to launch the program. Please run the tool with administrator privileges. After installing the tool you will need to provide the IP address or domain name of the analysis and storage machine, as well as its port. Below is a screenshot of the tool.

Testing environments

  • Windows 10
  • Windows 8.1
  • Windows 7
  • Windows XP

Contributing

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request :D

Wanted

  • Bug reports.
  • Feedback.

License

MIT License

Publications

  • Singh, A. R. Ikuesan, and H. S. Venter, “Digital Forensic Readiness Framework for Ransomware Investigation,” in Digital Forensics and Cyber Crime, 2019, pp. 91–105.

  • A. Singh, A. Ikuesan, and H. Venter, “A context-aware trigger mechanism for ransomware forensics,” 14th Int. Conf. Cyber Warf. Secur. ICCWS 2019, pp. 629–638, 2019.
