windows-registry-analysis
Community
Efficiently analyze Windows Registry data from disk images.
Author: mgreen27
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill enables comprehensive registry triage on Windows images, at small to large scale, by executing Velociraptor's Registry.Hunter artifact, streamlining forensic analysis.
Core Features & Use Cases
- Broad Registry Triage: Run Velociraptor's Registry.Hunter with specific parameters to target multiple registry categories efficiently.
- Targeted Investigations: Split collection waves by registry category to focus on relevant areas like installed software, user accounts, or system info.
- Use Case: For incident response, quickly gather registry data from remote systems to identify anomalies such as unauthorized software or suspicious user accounts.
Quick Start
Confirm the Velociraptor server is set up locally, verify the target system is online, then run Registry.Hunter with RemappingStrategy set to None to obtain registry details.
Dependency Matrix
Required Modules: None required
Components: references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: windows-registry-analysis Download link: https://github.com/mgreen27/dfir-skills/archive/main.zip#windows-registry-analysis Please download this .zip file, extract it, and install it in the .claude/skills/ directory.