Upgrade to RegRipper-3.0 and move it to tools folder #331
Comments
|
Seems RegRipper-3.0 is MIT licensed, so we could move it to iped/tools folder without any license concerns. |
|
@tc-wleite, RegRipper-3.0 changed the date format to yyyy-MM-dd HH:mm:ss so the custom date localization code you added years ago won't be used anymore. Could I remove it and its localization strings? I think it may easy a bit future localization to other languages. |
|
Sure! |
|
I've forked RegRipper-3.0 repo and pushed some fixes to https://github.com/sepinf-inc/RegRipper3.0 |
|
I'll also collect some samples from our case database and run RegRipper-3.0 on them, since infinite loops in 2 regripper plugins used to happen in the past. |
|
The run over ~125K registry format files from ~1500 cases finished, 2 timeouts were thrown, I'll take a closer look tomorrow... |
The hang is with the appcompatcache v.20200428 plugin when running on 2 SYSTEM files, it does not happen with regripper-2.8. |
pushed a quick and dirty workaround: sepinf-inc/RegRipper3.0@e7f8a07 |
|
I just found this with some important info about RegRipper-3.0: One of them explains the decreased number of plugins:
So I'll stick with the default 3.0 plugins, and won't add the old (compatible) 2.8 ones, that can possibly duplicate a lot of info. Another important info unknown to me until today is the plugins with _tln suffix, they are specific to generate a timeline output using the -aT switch! I'll open another ticket to parse the output of those plugins to populate our timeline. |
lfcnassif
changed the title
We should apply this fix sleuthkit/autopsy#6516 when upgrading. In current used version I've disabled shellext plugin in software plugin package because of an infinite loop years ago, not sure if it is the same.
The text was updated successfully, but these errors were encountered: