Binary package “reglookup” in Ubuntu jammy
utility for analysis of Windows NT-based registry
RegLookup is a system for direct analysis of Windows NT-based registry
files, providing command line tools, a C API, and a Python module for
accessing registry data structures. The project has a focus on providing
tools for digital forensics investigations (though it is useful for many
purposes), and includes algorithms for retrieving deleted data structures
from registry hives.

Currently the program allows one to read an entire registry and output it
in a (mostly) standardized, quoted format. It also provides features for
filtering of results based on registry path and data type. The package
provides the following commands: reglookup, reglookup-recover and
reglookup-