Registry Ripper is a portable software program to automatically analyze Registry Hives. It will analyze a selected Registry hive and export the findings into a selected text document. Registry Hives are locked by the Windows operating system which means that it is necessary to copy or access them before the operating system is running. This can be done with a Live CD or by booting into another operating system that can access the Windows partition.
Most of the Registry hives are located in the \Windows\system32\config directory but some in other locations like Document and Settings. To analyze the NTuser hive one would load the file NTUSER.DAT which is located in the \Documents and Settings\username\ directory, select a name for the text document in the second step, select ntuser from the plugin list and click the Rip It button.
The analysis will save various system information in the text document which depend on the analyzed Registry hive. The analysis of the NTuser hive will for example reveal information about the logon username, installed applications, system and remote drives, various recent files lists, the programs that have been accessed recently and software that will start with the computer system.
Registry Ripper is a Registry analyzer that requires some knowledge about the locations of the various Registry hives on the computer system. It clearly aims at more advanced users and can provide the user with all kinds of useful information about a computer system and its users.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.