Hello, I just released new versions of these tools, and thought some of you might be interested.

RegLookup[1] allows one to dump a Windows (NT+) registry from Unix systems. It also supports some limited querying based on path and data type, and can output useful metainformation such as key mtimes and ACLs. It is specifically designed for scripting, with an easily parsable CSV-like output format. It is written in C and is licensed under the GPL.

GrokEVT[2] allows one to interpret Windows event logs from Unix systems. Unlike any other open source event log tool (that I know of, correct me if I'm wrong), it is able to combine log message templates with event log data to produce human-readable output. (Equivalent to what one would get out of the event viewer in Windows.) Logs are also output in an easily parsable CSV-like format. It is written in Python and is also licensed under the GPL.

These tools are designed with forensic analysis in mind, and should be relatively easy to check for accuracy. Please let me know if you try these out and run into any problems.

thanks,
tim

1. http://projects.sentinelchicken.org/reglookup/
2. http://projects.sentinelchicken.org/grokevt/
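As an added illustration of the template-combining step described for GrokEVT (this is not GrokEVT's code or its output schema), the Python below fills a Windows-style message template, whose %N placeholders refer to the record's insertion strings, and emits the rendered record as a CSV row. The templates and event records are constructed samples with simplified text; the handling of a missing template and of a missing insertion string is included because that is where a forensic tool can silently lose data.

```python
import csv
import io
import re

# Constructed, simplified message templates keyed by event id. Real templates
# live in message resource DLLs and use the same %N insertion syntax.
MESSAGE_TEMPLATES = {
    528: "Successful Logon: User Name: %1 Domain: %2 Logon Type: %3",
    529: "Logon Failure: Reason: Unknown user name or bad password "
         "User Name: %1 Domain: %2",
}

# Constructed sample records shaped like parsed event log entries.
SAMPLE_EVENTS = [
    {"event_id": 528, "time": "2005-01-10 09:14:02", "source": "Security",
     "strings": ["alice", "CORP", "2"]},
    {"event_id": 529, "time": "2005-01-10 09:15:37", "source": "Security",
     "strings": ["bob", "CORP"]},
    {"event_id": 7035, "time": "2005-01-10 09:16:00",
     "source": "Service Control Manager", "strings": ["Spooler", "start"]},
]

PLACEHOLDER = re.compile(r"%(\d+)")  # %1, %2, ... (other escapes pass through)


def render_message(template, strings):
    """Substitute %N placeholders with the (1-based) insertion strings."""
    def sub(match):
        idx = int(match.group(1)) - 1
        if 0 <= idx < len(strings):
            return strings[idx]
        return match.group(0)  # keep an unresolved %N visible, never drop it
    return PLACEHOLDER.sub(sub, template)


def format_event(event):
    """Render one record; fall back to raw insertion strings if no template."""
    template = MESSAGE_TEMPLATES.get(event["event_id"])
    if template is None:
        return "|".join(event["strings"])
    return render_message(template, event["strings"])


def events_to_csv(events):
    """Emit rendered records as CSV text, one row per event, header first."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["event_id", "time", "source", "message"])
    for event in events:
        writer.writerow([event["event_id"], event["time"],
                         event["source"], format_event(event)])
    return buf.getvalue()
```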
