Sunday, October 25, 2009

RegRipper on OS X

I'm a multi-platform guy but these days I'm doing most of my personal work on a Mac. While reading Windows Forensic Analysis 2E I found it was time to get RegRipper running on my new Mac. It's quite simple really: go to http://www.regripper.net/ and download the latest version (rr_20080909.zip as of this post).

1. After unzipping and copying the files to someplace sane, make sure you have the required Parse::Win32Registry module installed (Update: install the missing Perl module using CPAN):

cpan> install Parse::Win32Registry

2. Next, edit rip.pl and change the path to Perl in the first (shebang) line to match your installation. In my case it's /usr/bin/perl. RegRipper ships with c:\perl\bin\perl.exe, as the author seems to prefer Windows as his development platform.

3. Finally, set the appropriate path for the RegRipper plugins: edit rip.pl and set the variable my $plugindir to suit your installation. Why rip.pl and not rr.pl? Since a Mac doesn't support the Win32::GUI Perl module, we are left with rip.pl, the command-line tool, for registry parsing.
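Steps 1 to 3 above as a small POSIX shell script, added here as an example and not part of the original post or of RegRipper itself. It assumes rip.pl still carries its shipped Windows shebang and a line of the form my $plugindir = "..."; the perl and plugin paths passed in are placeholders for your own.

```shell
#!/bin/sh
# Added example (not from the original post): patch a copy of rip.pl so it runs
# on a Mac, i.e. steps 2 and 3, and check the module from step 1.
# Assumptions: rip.pl starts with the shipped "#!c:\perl\bin\perl.exe" line and
# contains a line matching  my $plugindir = "...";  as it does when unzipped.

# Step 2: rewrite the shebang so the script runs under the local perl.
# Usage: fix_shebang path/to/rip.pl /usr/bin/perl
fix_shebang() {
    script="$1"; perl_path="$2"
    # Replace the whole first line; the Windows backslashes never have to be
    # matched, so no escaping is needed. -i.bak works with both BSD and GNU sed.
    sed -i.bak "1s|^#!.*|#!$perl_path|" "$script"
}

# Step 3: point $plugindir at the directory holding the RegRipper plugins.
# Usage: set_plugindir path/to/rip.pl /path/to/plugins
set_plugindir() {
    script="$1"; plugins="$2"
    sed -i.bak "s|^my \\\$plugindir *=.*|my \$plugindir = \"$plugins\";|" "$script"
}

# Step 1 check: returns 0 when the local perl can load Parse::Win32Registry,
# non-zero otherwise (then install it via cpan as shown above).
has_win32registry() {
    perl -MParse::Win32Registry -e 1 2>/dev/null
}

# Read the patched values back so the edit can be verified before running rip.pl.
shebang_of()   { head -n 1 "$1"; }
plugindir_of() { sed -n 's|^my \$plugindir *= *"\(.*\)";|\1|p' "$1"; }
```

Run has_win32registry before invoking rip.pl; a non-zero exit means step 1 is still outstanding.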

Once the above steps are done, type rip.pl and get cracking on those hives!