CTM1 / win_ewf_extract

A Python framework for extracting artifacts from Windows Encase Disk Images
The Unlicense

RegistryExtractor get values #2

Closed CTM1 closed 1 year ago

CTM1 commented 1 year ago

For now the module only extracts the hives but not the key values in the registry. Make it so we extract keys from the registry and write them to a .csv file in the output directory along with their metadata.

This should be done by handling the registry hive files with either RegRipper as an external tool or the pyreg library internally; either way, dependencies will need to be added.

Extra: Let a list of keys to extract be specified in the .yaml file.
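One way the CSV stage requested above could look, as an added example that is not the project's code: it filters parsed key records by a key list (as would come from the .yaml file) and writes one row per value with the key's last-written time. The record shape (`path`, `last_written`, `values`), the function names and the CSV columns are assumptions; the hive parser that produces the records is out of scope here.

```python
import csv
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
FIELDS = ["hive", "key_path", "key_last_written_utc", "value_name", "value_type", "value_data"]

# Constructed sample: the shape a hive parser is assumed to hand back (hypothetical).
SAMPLE_KEYS = [
    {"path": "Microsoft\\Windows\\CurrentVersion\\Run", "last_written": 133485408000000000,
     "values": [("Updater", "REG_SZ", "C:\\Tools\\updater.exe"), ("Blob", "REG_BINARY", b"\x01\x02")]},
    {"path": "Microsoft\\Windows\\CurrentVersion\\Run\\Disabled", "last_written": 133485408000000000, "values": []},
    {"path": "Classes\\.txt", "last_written": 133485408000000000, "values": [("", "REG_SZ", "txtfile")]},
]
WANTED = ["microsoft\\windows\\currentversion\\run"]  # as it would be listed in the .yaml

def filetime_to_iso(filetime):
    """Convert a 64-bit FILETIME (100 ns ticks since 1601-01-01 UTC) to ISO 8601."""
    return (FILETIME_EPOCH + timedelta(microseconds=filetime // 10)).isoformat()

def render(data):
    """Make value data CSV-friendly: hex for binary, '|' joined for multi-strings."""
    if isinstance(data, (bytes, bytearray)):
        return bytes(data).hex()
    if isinstance(data, (list, tuple)):
        return "|".join(str(item) for item in data)
    return str(data)

def select_rows(hive, keys, wanted):
    """Yield one row per value of every key at or below a wanted path."""
    # Registry key names are case-insensitive, so compare casefolded paths.
    prefixes = [w.strip("\\").casefold() for w in wanted]
    for key in keys:
        path = key["path"].strip("\\")
        folded = path.casefold()
        if not any(folded == p or folded.startswith(p + "\\") for p in prefixes):
            continue
        stamp = filetime_to_iso(key["last_written"])
        # A key without values still gets one row so its timestamp is kept.
        for name, vtype, data in key["values"] or [(None, "", "")]:
            shown = "" if name is None else (name or "(default)")
            yield dict(zip(FIELDS, [hive, path, stamp, shown, vtype, render(data)]))

def write_csv(rows, handle):
    """Write the rows with a header line and return how many were written."""
    writer = csv.DictWriter(handle, fieldnames=FIELDS)
    writer.writeheader()
    rows = list(rows)
    writer.writerows(rows)
    return len(rows)
```

Matching on a path prefix means listing a key also exports its subkeys; compare `folded == p` only if exact keys are wanted.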