-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to RegRipper-3.0 and move it to tools folder #331
Comments
Seems RegRipper-3.0 is MIT licensed, so we could move it to iped/tools folder without any license concerns. |
@tc-wleite, RegRipper-3.0 changed the date format to yyyy-MM-dd HH:mm:ss so the custom date localization code you added years ago won't be used anymore. Could I remove it and its localization strings? I think it may easy a bit future localization to other languages. |
Sure! |
I've forked RegRipper-3.0 repo and pushed some fixes to https://github.com/sepinf-inc/RegRipper3.0 |
I'll also collect some samples from our case database and run RegRipper-3.0 on them, since infinite loops in 2 regripper plugins used to happen in the past. |
The run over ~125K registry format files from ~1500 cases finished, 2 timeouts were thrown, I'll take a closer look tomorrow... |
The hang is with the appcompatcache v.20200428 plugin when running on 2 SYSTEM files, it does not happen with regripper-2.8. |
pushed a quick and dirty workaround: sepinf-inc/RegRipper3.0@e7f8a07 |
I just found this with some important info about RegRipper-3.0: One of them explains the decreased number of plugins:
So I'll stick with the default 3.0 plugins, and won't add the old (compatible) 2.8 ones, that can possibly duplicate a lot of info. Another important info unknown to me until today is the plugins with _tln suffix, they are specific to generate a timeline output using the -aT switch! I'll open another ticket to parse the output of those plugins to populate our timeline. |
We should apply this fix sleuthkit/autopsy#6516 when upgrading. In current used version I've disabled shellext plugin in software plugin package because of an infinite loop years ago, not sure if it is the same.
The text was updated successfully, but these errors were encountered: