Bug#987586: ITP: regripper -- perform forensic analysis of registry hives

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#987586: ITP: regripper -- perform forensic analysis of registry hives
From: Jan Gru <j4n6ru@gmail.com>
Date: Mon, 26 Apr 2021 08:04:18 +0200
Message-id: <[🔎] 161941705838.114826.2490533144386380606.reportbug@pkghost>
Reply-to: Jan Gru <j4n6ru@gmail.com>, 987586@bugs.debian.org

Package: wnpp
Severity: wishlist
Owner: Jan Gru <j4n6ru@gmail.com>
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name    : regripper
  Version         : 3.0
  Upstream Author : Harlan Carvey <keydet89@yahoo.com>
* URL             : https://github.com/keydet89/RegRipper3.0
* License         : MIT
  Programming Lang: Perl
  Description     : Regripper - perform forensic analysis of registry hives
Bcc: Jan Gru <j4n6ru@gmail.com>

Regripper is a popular tool to perform forensic analysis of Windows Registry files. It can be used to surgically extract, translate, and display information (both data and metadata) from Registry-formatted files via plugins in the form of Perl-scripts.

** Why is this package relevant?
Regripper has an ancestral place in digital forensics and incident response with open source tools. Right now there are no other Debian packages providing similiar functionality. It was developed by the renowned author Harlan Carvey [fn:1]. It provides the capability to parse and analyze offline Windows registry files, which house a lot of valuable information needed in DFIR work.

Regripper is the goto tool for performing open source DFIR work on Windows systems [fn:2]. There exist numerous guides dealing
 with the installation procedure of regripper on Linux systems [fn:3]. Therefore is a need for a regripper package. I am using it myself on a regular basis to perform DFIR work.

** Maintenance plan
I want to suggest to maintain regripper inside the pkg-security-team's repository on salsa, where a lot of forensics packages live [fn:4]. I am looking for a sponsor for this package - ideally a member of the pkg-security-team.

** Footnotes
[fn:1] E.g. see https://www.sans.org/blog/book-review-windows-forensic-analysis/

[fn:2] And even giants like Autopsy rely on regripper for registry parsing, see https://www.sleuthkit.org/autopsy/features.php

[fn:3] See https://medium.com/@virtual_alloc/installing-regripper-v2-8-on-ubuntu-e30dfb41192c, https://blog.dfir.fi/tools/2020/02/19/install-regripper.html, https://thegreycorner.com/2010/04/25/running-regripper-on-linux.html to name a few

[fn:4] See https://salsa.debian.org/pkg-security-team/

Reply to:

Prev by Date: Bug#987562: ITP: golang-github-google-go-intervals -- Functions for set operations on intervals, such as time ranges
Next by Date: Bug#987619: ITP: golang-github-dgryski-go-rendezvous -- Go implementation of rendezvous hashing
Previous by thread: Bug#987562: ITP: golang-github-google-go-intervals -- Functions for set operations on intervals, such as time ranges
Next by thread: Bug#987619: ITP: golang-github-dgryski-go-rendezvous -- Go implementation of rendezvous hashing
Index(es):
- Date
- Thread