mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 02:07:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
autopsy-flatpak/RecentActivity/release/rr-full/plugins/realplayer6.pl
APriestman fe62624541 Updated RecentActivity to use RegRipper 2.8. 
Added additional RegRipper modules to support STIX data.
Stopped RecentActivity IE parser from generating empty user accounts.
2014-12-03 14:21:14 -05:00

78 lines
2.0 KiB
Perl
Executable File
Raw Blame History

#-----------------------------------------------------------
# realplayer6.pl
# Plugin for Registry Ripper
# Get Real Player 6 MostRecentClipsx values
#
# Change history
#
#
# References
#
# Note: LastWrite times on c subkeys will all be the same,
# as each subkey is modified as when a new entry is added
#
# copyright 2008 H. Carvey
#-----------------------------------------------------------
package realplayer6;
use strict;
my %config = (hive => "NTUSER\.DAT",
hasShortDescr => 1,
hasDescr => 0,
hasRefs => 0,
osmask => 22,
version => 20080324);
sub getConfig{return %config}
sub getShortDescr {
return "Gets user's RealPlayer v6 MostRecentClips\(Default) values";
}
sub getDescr{}
sub getRefs {}
sub getHive {return $config{hive};}
sub getVersion {return $config{version};}
my $VERSION = getVersion();
sub pluginmain {
my $class = shift;
my $ntuser = shift;
::logMsg("Launching realplayer6 v.".$VERSION);
::rptMsg("realplayer6 v.".$VERSION); # banner
::rptMsg("(".getHive().") ".getShortDescr()."\n"); # banner
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
my $key_path = "Software\\RealNetworks\\RealPlayer\\6.0\\Preferences";
my $key = $root_key->get_subkey($key_path);
if ($key) {
::rptMsg($key_path);
::rptMsg("LastWrite Time ".gmtime($key->get_timestamp())." (UTC)");
my %rpkeys;
my $tag = "MostRecentClips";
my @subkeys = $key->get_list_of_subkeys();
if (scalar @subkeys > 0) {
foreach my $s (@subkeys) {
my $name = $s->get_name();
if ($name =~ m/^$tag/) {
my $num = $name;
$num =~ s/$tag//;
$rpkeys{$num}{name} = $name;
$rpkeys{$num}{data} = $s->get_value('')->get_data();
$rpkeys{$num}{lastwrite} = $s->get_timestamp();
}
}
foreach my $k (sort keys %rpkeys) {
::rptMsg("\t".$rpkeys{$k}{name}." -> ".$rpkeys{$k}{data});
}
}
else {
::rptMsg($key_path." has no subkeys.");
}
}
else {
::rptMsg($key_path." not found.");
}
}
1;
Reference in New Issue View Git Blame Copy Permalink