Release Notes: This bugfix release addresses some issues identified since the last release and includes no significant changes to functionality. Fixes include minor changes and fixes to Unicode handling in pyregfi, a correction for an infinite loop on corrupted registries, an added ldconfig call during installation, and improved error reporting.
Release Notes: SK records and security descriptors are now accessible in pyregfi. Key caching was added to regfi, and SK caching was reintroduced. Minor API simplifications were made and documentation was improved. Numerous bugs were fixed.
Release Notes: This 1.0 release candidate contains major improvements to regfi usability. regfi was made a proper library, and major improvements were made to the API. Python bindings (pyregfi) were added for regfi. The Make-based build system was replaced with a SCons-based one. Numerous improvements were made in regfi for multithreaded use and memory management. API documentation was improved.
Release Notes: Big data support was improved and added to reglookup-recover. A -i option was added to reglookup for assisting with timeline generation. Unicode support was improved by correctly interpreting UTF-16LE key and value names. Data type interpretation was moved into regfi, and the regfi library interface was reorganized. regfi documentation was improved and Doxygen formatting was added.
Release Notes: Experimental support for "big data" records. Experimental support cross-compiling to Windows using MinGW. Correctly handles known key flags. Overhauled memory allocation by switching to talloc. Many memory leaks have been fixed. Improved recovery rate in reglookup-recover with more modular parsing of deleted structures. Fixes for minor NULL pointer dereferences.
Release Notes: Support was added for key class names which store the Windows syskey secret. Multi-level subkey list parsing was implemented. Compatibility with Windows Vista was improved. Security descriptor parsing routines were rewritten and much legacy code was eliminated. Error reporting was improved in the regfi library with configurable verbosity. Several important bugs were fixed.
Release Notes: This release has greatly increased speed through a rewrite of the underlying regfi library. It adds a new tool, reglookup-recover, which attempts to recover deleted keys, values, and other data structures from unallocated registry hive areas. It has improved data validation for more secure operation. The regfi library interface has been expanded to allow more direct access to data structures. Several output bugs and a path/type filtering bug have been fixed.
Release Notes: This release contains some additional functionality and numerous bugfixes. Important changes include vastly improved interaction with the underlying registry library with a new API, improved parsing of ACLs, a fix for a possible security problem, and the elimination of many memory leaks.
Release Notes: This release contains some additional functionality and numerous bugfixes. It adds a new script, reglookup-timeline, which builds timelines based on key mtimes. It adds support for NONE, LINK, and QWORD value types. UTF-16 decoding has been improved. Detailed warnings for broken registry values have been added. There are minor speedups and memory leak fixes.
Release Notes: This release contains two minor bugfixes. No significant feature changes were made. Endian issues and other output issues with DWORDs were fixed. DWORD_BE (big-endian) support had been overlooked and was added in this release.