RegRipper 3.0

#Incident Management #Digital Forensics

Forensic imaging program with full hash authentication and various acquisition options.

Using the GUI (rr.exe) for Hive Parsing

With the GUI (rr.exe), you no longer need to manually select a profile. Instead, simply choose the hive you want to parse and specify the output directory. The GUI will automatically execute all applicable plugins against the selected hive.

This capability is included in rip.exe, using the -a switch. Alternatively, you can use the -aT switch to execute all hive-specific TLN plugins against the hive.

The Ability to Run Individual Plugins and Profiles

The capability to execute individual plugins, as well as profiles, has been preserved.

Date Format

A GitHub issue was raised requesting that the date format be modified to comply with ISO 8601 standards. However, the actual format provided as part of the issue/request adhered to the RFC 3339 profile (i.e., there is a space between the date and time).

NOTE: This tool does NOT automatically process hive transaction logs. If you need to include data from hive transaction logs in your analysis, consider merging the data using Maxim Suhanov's yarp along with registryFlush.py, or using Eric Zimmerman's rla.exe, which is included in Eric's Registry Explorer/RECmd.
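To illustrate the -aT output and the date-format point above, here is an added example (not RegRipper's code and not from the original page). It parses TLN lines, assuming the usual five-field TLN layout (time|source|host|user|description, with time as a Unix epoch), and renders each event in the space-separated RFC 3339 form and in strict ISO 8601 with a "T". The sample lines, the function names and the trailing "Z" (UTC) are assumptions of this example.

```python
from datetime import datetime, timezone

# Constructed sample input (not taken from a real hive). Each event line is
# epoch|source|host|user|description; the third line is a non-event line.
SAMPLE_TLN = """\
1589976000|REG|WKSTN01|jdoe|Run - Updater: cmd.exe /c type a.txt | more
1589972400|REG|WKSTN01||Run key LastWrite
Constructed banner line that is not an event
"""

def parse_tln(text):
    """Return (events, rejected); events are sorted oldest first."""
    events, rejected = [], []
    for line in text.splitlines():
        # maxsplit=4 keeps any '|' inside the description field intact.
        parts = line.split("|", 4)
        if len(parts) != 5 or not parts[0].isdigit():
            if line.strip():
                rejected.append(line)  # keep for review, never drop silently
            continue
        epoch, source, host, user, desc = parts
        events.append({"epoch": int(epoch), "source": source,
                       "host": host, "user": user, "desc": desc})
    events.sort(key=lambda e: e["epoch"])
    return events, rejected

def fmt_rfc3339_space(epoch):
    """RFC 3339 allows a space between date and time (assumed UTC, 'Z')."""
    ts = datetime.fromtimestamp(epoch, timezone.utc)
    return ts.strftime("%Y-%m-%d %H:%M:%SZ")

def fmt_iso8601(epoch):
    """Strict ISO 8601 extended format uses 'T' as the separator."""
    ts = datetime.fromtimestamp(epoch, timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%SZ")

def render_timeline(events, strict_iso=False):
    """One text line per event, in the chosen timestamp style."""
    fmt = fmt_iso8601 if strict_iso else fmt_rfc3339_space
    return [f"{fmt(e['epoch'])} {e['host']} {e['user'] or '-'} {e['desc']}"
            for e in events]

if __name__ == "__main__":
    evts, bad = parse_tln(SAMPLE_TLN)
    print("\n".join(render_timeline(evts)))
    print(f"{len(bad)} line(s) rejected")
```

A downstream tool that expects strict ISO 8601 may reject the space-separated form, so convert at ingestion rather than editing the plugin output.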

Updated Perl Module Files

The following Perl module files have undergone modifications.