analyzing-windows-registry-for-artifacts
Community
Uncover Windows Registry artifacts for forensics.
Author: Axxxxxxaaann
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
The Windows Registry stores evidence of user activity, software installation, and persistence. This skill provides structured extraction and analysis of multiple hives (SAM, SYSTEM, SOFTWARE, NTUSER.DAT, UsrClass.dat) to reconstruct activity timelines and system state for incident response and investigations.
Core Features & Use Cases
- Automated extraction of registry artifacts using RegRipper, Registry Explorer, and python-registry.
- Analysis of autorun, UserAssist, RecentDocs, typed URLs/paths, and installed software to build event timelines.
- Supports cross-hive correlation (registry hives + USB history + network info) for malware and insider-threat investigations.
Quick Start
Mount the target registry hives and run the agent to generate a structured JSON report.
Dependency Matrix
Required Modules
regipy
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: analyzing-windows-registry-for-artifacts Download link: https://github.com/Axxxxxxaaann/KAIRI-Skills/archive/main.zip#analyzing-windows-registry-for-artifacts Please download this .zip file, extract it, and install it in the .claude/skills/ directory.