Example Usage
usage: regrip.py [-h] [--system SYSTEM] [--software SOFTWARE] [--sam SAM]
                 [--ntuser NTUSER] [--usrclass USRCLASS] [--root ROOT]
                 [--all-user-hives] [--backups] [--verbose] [--bodyfile]
                 [--list]
                 plugin_name

Extract information from Windows Registry hives

positional arguments:
  plugin_name           Name of the plugin to run

optional arguments:
  -h, --help            show this help message and exit
  --system SYSTEM, -y SYSTEM
                        Path to the SYSTEM hive. Overrides --root and the
                        REG_SYSTEM environment variable
  --software SOFTWARE, -o SOFTWARE
                        Path to the SOFTWARE hive. Overrides --root and the
                        REG_SOFTWARE environment variable
  --sam SAM, -a SAM     Path to the SAM hive. Overrides --root and the REG_SAM
                        environment variable
  --ntuser NTUSER, -n NTUSER
                        Path to the NTUSER.DAT hive. Overrides the REG_NTUSER
                        environment variable
  --usrclass USRCLASS, -u USRCLASS
                        Path to the UsrClass.DAT hive. Overrides the