Hello, this is my first volatility plugin, a very helpful one at least for me, helped me to detect suspicious behaviours of malware like wannacry and detect its activity in registers, hope it will be helpful for you also, (windows profile based plugin)
this plugin get a list of the last modified registry keys, just give it the time you need to start listing from and it will do a good job
in some cases, the script will exit very fast before extracting any key, so if you faced this problem with version 1, hopefully, it's completely solved in version 2.
getlastmodkey -t "2021-02-22 17:52:48"
getlastmodkey -s "2021-02-22 17:52:48" -e "2021-02-25 10:52:18"
-n: when you need to search a specific hive, by default the plugin search NTUSER.DAT , you can use it with any of the 2 types of searching
getlastmodkey -t "2021-02-22 17:52:48" -n SAM
getlastmodkey -s "2018-02-22 17:52:48" -e "2021-02-25 10:52:18" -n SAM