What is RegRipper? RegRipper was created and maintained by Harlan Carvey. RegRipper, written in Perl, is the fastest, easiest, and best tool for registry analysis in forensics examinations. RegRipper has been downloaded over 5000 times and used by examiners everywhere. How can you make it better If you want RegRipper to be better, you can help by first sending in registry hives with specific information of what you need RegRipper to do with that hive to Harlan Carvey. Is it a P2P application of interest Or USB devices Or What is the RegRipper RegRipper is *not* it s not a Registry Viewer. An examiner would not open a Registry hive file in RegRipper to look around . Further, RegRipper is NOT intended for use with live hive files. Hive files need to be extracted from a case (or from a live system using FTK Imager ), or accessible via a tool such as Mount Image Pro or F-Response. RegRipper is a Windows Registry data extraction and correlation tool. RegRipper uses plugins (similar to Nessus) to access specific Registry hive files in order to access and extract specific keys, values, and data, and does so by bypassing the Win32API.