Re: [sleuthkit-users] Python/Jython and Windows registry analysis
From: Willi B. <wil...@gm...> - 2015-04-17 00:49:07
Hey Jim,

Seems like a neat project for the students. As you've found, the _winreg module ultimately calls down to the Windows API functions to retrieve data from the Registry, so it's not an appropriate library for an Autopsy plugin. Instead, you might consider taking a look at the python-registry module (https://github.com/williballenthin/python-registry) that I've developed and maintained over the past few years. It's pure Python, so it should work well with Jython, and can parse hive data from a memory buffer (presumably that you'd fetch via the Autopsy API).

I hope you'll share with the list the plugins that the students complete!

Thanks,
Willi

On Thursday, April 16, 2015, James H Jr Jones <jj...@gm...> wrote:
> We'd like to implement some existing Python Windows registry analysis
> scripts as Autopsy modules. As far as we can tell, the _winreg module is
> not implemented in Jython, so asking for recommendations on the best Python
> way to access the Windows registry from within Autopsy. Might accessing raw
> RegRipper output work, is there an alternative Jython module, or is there a
> better way? The script developers are a group of my students learning
> Python, so implementing the modules in Java isn't an option.
>
> Thanks for any suggestions or pointers.
>
> Jim
>
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
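As an added example (not code from this thread, from Autopsy, or from python-registry), here is a pure-Python, Jython-compatible check of the REGF base block of a hive held in a memory buffer: the step a module would take on a hive blob fetched from the case before handing it to a full parser. It assumes the documented base-block layout (signature, sequence numbers, FILETIME, version, root cell offset, hive-bins size, embedded file name, XOR checksum at 0x1FC); the sample hive header is constructed, and the Autopsy fetch itself is left out.

```python
# Added example, not from the thread or from python-registry: validate the
# REGF base block of a registry hive that sits in a memory buffer. Kept to
# Python 2.7 / Jython syntax on purpose (no f-strings, no dataclasses).
import struct
from collections import namedtuple
from datetime import datetime, timedelta

BASE_BLOCK_SIZE = 4096     # base block is 4 KiB; hive bins start at file offset 0x1000
CHECKSUM_OFFSET = 0x1FC    # checksum DWORD; it covers the 508 bytes before it
FILE_NAME_OFFSET = 0x30    # 64 bytes of UTF-16LE: the hive's own path as last written

RegfHeader = namedtuple("RegfHeader", [
    "primary_seq", "secondary_seq", "timestamp_filetime", "major", "minor",
    "file_type", "file_format", "root_cell_offset", "hbins_size",
    "file_name", "stored_checksum", "computed_checksum",
])


def regf_checksum(buf):
    """XOR of the 127 little-endian DWORDs that precede the checksum field.
    Windows substitutes the two reserved results: 0 -> 1, 0xFFFFFFFF -> 0xFFFFFFFE."""
    xor = 0
    for off in range(0, CHECKSUM_OFFSET, 4):
        xor ^= struct.unpack_from("<I", buf, off)[0]
    if xor == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if xor == 0:
        return 1
    return xor


def filetime_to_datetime(filetime):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to a naive UTC datetime."""
    return datetime(1601, 1, 1) + timedelta(microseconds=filetime // 10)


def parse_regf_header(buf):
    """Parse the base block at the start of a hive image held in memory.
    Raises ValueError for anything that is not a plausible primary hive."""
    if len(buf) < BASE_BLOCK_SIZE:
        raise ValueError("buffer shorter than the %d-byte base block" % BASE_BLOCK_SIZE)
    if bytes(buf[:4]) != b"regf":
        raise ValueError("missing 'regf' signature")
    (primary_seq, secondary_seq, timestamp, major, minor, file_type,
     file_format, root_cell_offset, hbins_size) = struct.unpack_from("<IIQIIIIII", buf, 4)
    if major != 1:
        raise ValueError("unexpected major version %d" % major)
    if file_type != 0:
        raise ValueError("not a primary hive (file type %d)" % file_type)
    raw_name = bytes(buf[FILE_NAME_OFFSET:FILE_NAME_OFFSET + 64])
    file_name = raw_name.decode("utf-16-le").split(u"\x00")[0]
    stored = struct.unpack_from("<I", buf, CHECKSUM_OFFSET)[0]
    return RegfHeader(primary_seq, secondary_seq, timestamp, major, minor,
                      file_type, file_format, root_cell_offset, hbins_size,
                      file_name, stored, regf_checksum(buf))


def hive_issues(buf):
    """Integrity findings an examiner wants before trusting the hive's contents."""
    hdr = parse_regf_header(buf)
    issues = []
    if hdr.stored_checksum != hdr.computed_checksum:
        issues.append("header checksum mismatch (stored 0x%08X, computed 0x%08X)"
                      % (hdr.stored_checksum, hdr.computed_checksum))
    if hdr.primary_seq != hdr.secondary_seq:
        issues.append("dirty hive: sequence numbers %d/%d differ, so a transaction "
                      "log has not been applied" % (hdr.primary_seq, hdr.secondary_seq))
    if hdr.hbins_size % 4096 != 0:
        issues.append("hive bins size 0x%X is not a multiple of 4096" % hdr.hbins_size)
    if len(buf) < BASE_BLOCK_SIZE + hdr.hbins_size:
        issues.append("buffer is truncated: header promises 0x%X bytes of hive bins"
                      % hdr.hbins_size)
    return issues


def looks_like_hive(buf):
    """True when the buffer carries a parseable primary-hive base block."""
    try:
        parse_regf_header(buf)
        return True
    except ValueError:
        return False


def build_sample_hive(dirty=False, corrupt_checksum=False):
    """Constructed test input, not a real hive: a base block with plausible
    values, a valid checksum and one empty 4 KiB hive bin behind it."""
    hbins_size = 0x1000
    buf = bytearray(BASE_BLOCK_SIZE + hbins_size)
    buf[0:4] = b"regf"
    primary_seq = 42
    secondary_seq = primary_seq - 1 if dirty else primary_seq
    struct.pack_into("<IIQIIIIII", buf, 4,
                     primary_seq, secondary_seq,
                     0x01D08F3B12345678,   # constructed FILETIME in May 2015
                     1, 5,                 # format version 1.5
                     0, 1,                 # primary file, direct memory load
                     0x20, hbins_size)     # root cell offset in the hbins, hbins size
    name = u"\\SystemRoot\\System32\\Config\\SAM".encode("utf-16-le")
    buf[FILE_NAME_OFFSET:FILE_NAME_OFFSET + len(name)] = name
    checksum = regf_checksum(buf)
    if corrupt_checksum:
        checksum ^= 1   # flip one bit so stored != computed
    struct.pack_into("<I", buf, CHECKSUM_OFFSET, checksum)
    buf[BASE_BLOCK_SIZE:BASE_BLOCK_SIZE + 4] = b"hbin"   # first hive bin signature
    return bytes(buf)


if __name__ == "__main__":
    for label, blob in (("clean", build_sample_hive()),
                        ("dirty", build_sample_hive(dirty=True)),
                        ("bad checksum", build_sample_hive(corrupt_checksum=True))):
        hdr = parse_regf_header(blob)
        print("%s: %s, last written %s, issues: %s"
              % (label, hdr.file_name, filetime_to_datetime(hdr.timestamp_filetime),
                 hive_issues(blob) or "none"))
```

The two consistency checks matter for evidence handling: a checksum mismatch usually means a damaged or truncated image, and differing sequence numbers mean the hive was copied mid-write and its transaction log was never applied, so the most recent keys may be missing from the primary file. python-registry's Registry.Registry constructor accepts a file-like object as well as a path, so a buffer that passes these checks can be wrapped in io.BytesIO and parsed in memory (my reading of the library, not something the thread states).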