RegScout
Windows Registry Forensics Scripts
These scripts were created to pull and parse the Windows registry for forensics and to prepare the results for ingestion into Elasticsearch.
Version 1.00 was the initial creation, focused on getting it to work.
Version 2.00 was a major undertaking to move the output to the ECS-aligned schema (Elastic Common Schema).
During the 2.00 versions I have also spent more time documenting where in the registry the collected data lives.
I have also spent a lot of time building a parser for the collected data, with the end goal that the output requires as little interpretation as possible. This is not always 100% achieved yet, but it is the goal for this project.
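As an added illustration of the ECS-aligned output the project aims for (example code, not RegScout's own scripts), the block below maps already-collected registry values onto the ECS `registry.*` fieldset and emits Elasticsearch bulk NDJSON. The sample values, host name, `event.dataset` name and pinned ECS version are constructed assumptions.

```python
import base64
import json

# Constructed sample rows (hive, key, value name, type, raw data) standing in
# for what a registry collector would hand back. Values are made up.
SAMPLE_VALUES = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Updater", "REG_SZ", r"C:\Tools\updater.exe"),
    ("HKLM", r"SOFTWARE\Example\App", "Paths", "REG_MULTI_SZ", [r"C:\A", r"C:\B"]),
    ("HKLM", r"SOFTWARE\Example\App", "Blob", "REG_BINARY", b"\x01\x02\xff"),
    ("HKCU", r"Software\Example\App", "Count", "REG_DWORD", 7),
]


def to_ecs(hive, key, value, reg_type, data, host, collected_at):
    """Build one ECS-aligned document for a single registry value.

    ECS keeps string and multi-string content in registry.data.strings (always an
    array), numeric types as their decimal string, and raw binary as base64 in
    registry.data.bytes. registry.path is the full path including the value name.
    """
    doc = {
        "@timestamp": collected_at,
        "ecs": {"version": "8.11.0"},  # assumption: pin to the ECS release you map against
        "event": {"kind": "state", "category": ["registry"], "type": ["info"],
                  "dataset": "regscout.values"},  # assumption: dataset name
        "host": {"name": host},
        "registry": {
            "hive": hive,
            "key": key,
            "value": value,
            "path": f"{hive}\\{key}\\{value}",
            "data": {"type": reg_type},
        },
    }
    if isinstance(data, bytes):
        doc["registry"]["data"]["bytes"] = base64.b64encode(data).decode("ascii")
    elif isinstance(data, list):
        doc["registry"]["data"]["strings"] = [str(s) for s in data]
    else:  # REG_SZ, REG_EXPAND_SZ, REG_DWORD, REG_QWORD: one string, numbers in decimal
        doc["registry"]["data"]["strings"] = [str(data)]
    return doc


def to_bulk_ndjson(docs, index):
    """Serialise documents as Elasticsearch _bulk NDJSON (action line + source line)."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    docs = [to_ecs(*row, host="WS01", collected_at="2024-01-01T00:00:00Z") for row in SAMPLE_VALUES]
    print(to_bulk_ndjson(docs, "regscout-values"))
```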
Last updated