Release Notes: This release has greatly increased speed through a rewrite of the underlying regfi library. It adds a new tool, reglookup-recover, which attempts to recover deleted keys, values, and other data structures from unallocated registry hive areas. It has improved data validation for more secure operation. The regfi library interface has been expanded to allow more direct access to data structures. Several output bugs and a path/type filtering bug have been fixed.
Release Notes: This bugfix release addresses some issues identified since the last release and includes no significant changes to functionality. Fixes include minor changes and fixes to Unicode handling in pyregfi, a correction for an infinite loop on corrupted registries, an added ldconfig call during installation, and improved error reporting.
Release Notes: SK records and security descriptors are now accessible in pyregfi. Key caching was added to regfi, and SK caching was reintroduced. Minor API simplifications were made and documentation was improved. Numerous bugs were fixed.
Release Notes: This 1.0 release candidate contains major improvements to regfi usability. regfi was made a proper library, and major improvements were made to the API. Python bindings (pyregfi) were added for regfi. The Make-based build system was replaced with a SCons-based one. Numerous improvements were made in regfi for multithreaded use and memory management. API documentation was improved.
Release Notes: Big data support was improved and added to reglookup-recover. A -i option was added to reglookup for assisting with timeline generation. Unicode support was improved by correctly interpreting UTF-16LE key and value names. Data type interpretation was moved into regfi, and the regfi library interface was reorganized. regfi documentation was improved and Doxygen formatting was added.
Release Notes: Experimental support for "big data" records. Experimental support for cross-compiling to Windows using MinGW. Correctly handles known key flags. Overhauled memory allocation by switching to talloc. Many memory leaks have been fixed. Improved recovery rate in reglookup-recover with more modular parsing of deleted structures. Fixes for minor NULL pointer dereferences.