
Bug#987586: marked as done (ITP: regripper -- perform forensic analysis of registry hives)



Your message dated Thu, 14 Oct 2021 11:00:12 +0000
with message-id <E1mayT6-0005mJ-Um@fasolo.debian.org>
and subject line Bug#987586: fixed in regripper 3.0~git20210405.05ef957+dfsg1-1
has caused the Debian Bug report #987586,
regarding ITP: regripper -- perform forensic analysis of registry hives
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
987586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987586
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: wnpp
Severity: wishlist
Owner: Jan Gru <j4n6ru@gmail.com>
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name    : regripper
  Version         : 3.0
  Upstream Author : Harlan Carvey <keydet89@yahoo.com>
* URL             : https://github.com/keydet89/RegRipper3.0
* License         : MIT
  Programming Lang: Perl
  Description     : Regripper - perform forensic analysis of registry hives
Bcc: Jan Gru <j4n6ru@gmail.com>

Regripper is a popular tool to perform forensic analysis of Windows Registry files. It can be used to surgically extract, translate, and display information (both data and metadata) from Registry-formatted files via plugins in the form of Perl scripts.

** Why is this package relevant?
Regripper has an ancestral place in digital forensics and incident response with open source tools. Right now there are no other Debian packages providing similar functionality. It was developed by the renowned author Harlan Carvey [fn:1]. It provides the capability to parse and analyze offline Windows registry files, which house a lot of valuable information needed in DFIR work.

Regripper is the go-to tool for performing open source DFIR work on Windows systems [fn:2]. There exist numerous guides dealing with the installation procedure of regripper on Linux systems [fn:3]. Therefore there is a need for a regripper package. I am using it myself on a regular basis to perform DFIR work.

** Maintenance plan
I want to suggest maintaining regripper inside the pkg-security-team's repository on salsa, where a lot of forensics packages live [fn:4]. I am looking for a sponsor for this package - ideally a member of the pkg-security-team.

** Footnotes
[fn:1] E.g. see https://www.sans.org/blog/book-review-windows-forensic-analysis/

[fn:2] And even giants like Autopsy rely on regripper for registry parsing, see https://www.sleuthkit.org/autopsy/features.php

[fn:3] See https://medium.com/@virtual_alloc/installing-regripper-v2-8-on-ubuntu-e30dfb41192c, https://blog.dfir.fi/tools/2020/02/19/install-regripper.html, https://thegreycorner.com/2010/04/25/running-regripper-on-linux.html to name a few

[fn:4] See https://salsa.debian.org/pkg-security-team/

--- End Message ---
--- Begin Message ---
Source: regripper
Source-Version: 3.0~git20210405.05ef957+dfsg1-1
Done: Jan Gruber <j4n6ru@gmail.com>

We believe that the bug you reported is fixed in the latest version of
regripper, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 987586@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Gruber <j4n6ru@gmail.com> (supplier of updated regripper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 18 May 2021 18:56:52 +0200
Source: regripper
Binary: regripper
Architecture: source all
Version: 3.0~git20210405.05ef957+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org>
Changed-By: Jan Gruber <j4n6ru@gmail.com>
Description:
 regripper  - perform forensic analysis of registry hives
Closes: 987586
Changes:
 regripper (3.0~git20210405.05ef957+dfsg1-1) unstable; urgency=medium
 .
   * Initial release (Closes: #987586)
   * debian/patches/:
     - 10_modify-paths-in-srcs.patch: modify perl code to work on *nix
       and adapt paths
     - 20_correct-encoding.patch: correct encoding of plugin-files
     - 30_correct-scripts.patch: remove unnecessary Windows #!-line
       from plugin files
     - 40_correct_mountdev2_plugin.patch: fix regex error stemming
       from unescaped braces in mountdev2.pl
     - 50_correct_scanbutton_plugin.patch: fix compilation issue
       which arises from a missing explicit declaration of a
       global symbol
   * debian/manpage:
     - regripper.1: Manual for using regripper
   * debian/control:
     - Added dependency (libparse-win32registry-perl)
   * debian/install: added
   * debian/links: added
   * debian/rules: added
   * debian/tests/:
     - control: add testcases
     - smoke: add simple smoke test
     - listplugins: add test case to check plugin availability
     - parsentuserdat: add test case to parse a hive file

-----BEGIN PGP SIGNATURE-----
Comment: Signed by Raphael Hertzog

-----END PGP SIGNATURE-----

--- End Message ---
