Exploring Internet Explorer with RegRipper
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2D5kOavRIEreIg9Tbh7PZ07uJkKFhy6INDk7ujP7ABmNGaIW2UaYZp0gDl_hTC0bxYjivV6Z4TzOAVUrrqjSRr3GnaPAXVjS-QoK1NsgQDNrM2HspPYv2IRhGb6_81CGrQiGUD0A76Ek/s1600/jango.png)
In the last case... I felt that some Internet Explorer artifacts were missing, so I decided to take a look at the RegRipper plugins that parse the user registry NTUSER.DAT to see if they could help me. Honestly, I do not have a clear idea of where to search for a sign, since I usually get information from IE cache files and not from the registry.

RegRipper IE plugins mini-survey

There are 4 Internet Explorer plugins:

- ie_main: (NTUSER) despite the description reported in the source file header ("the plugin Checks keys/values set by new version of Trojan.Clampi"), the plugin parses (details later) the "Software\Microsoft\Internet Explorer\Main" key. It was written by Harlan Carvey on 19/09/2009.
- ie_settings: (NTUSER) the plugin reports the User Agent string used by IE when visiting sites and the ZoneSecurityUpgrade value inside the "Software\Microsoft\Windows\CurrentVersion\Inter