☆175Aug 25, 2023Updated 2 years ago
Alternatives and similar repositories for Windows-Registry-Analysis-Cheat-Sheet
Users that are interested in Windows-Registry-Analysis-Cheat-Sheet are comparing it to the libraries listed below
Sorting:
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆68Sep 13, 2023Updated 2 years ago
- Tools for Incident Response and Malware Analysis☆11Feb 9, 2025Updated last year
- A hex viewer for the sleuths!☆20Nov 7, 2025Updated 4 months ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- USN Journal full path builder☆67Sep 16, 2024Updated last year
- Web app built to allow digital forensic professionals to search for the forensic tools that will parse artifacts from various apps.☆18Apr 30, 2025Updated 10 months ago
- StickyParser - Sticky Notes Forensic. A Windows Sticky Notes Praser (snt and plum.sqlite supported). Additional Feature: SQLite Recovery …☆21Jul 18, 2023Updated 2 years ago
- Contains compiled binaries of Volatility☆36May 18, 2025Updated 10 months ago
- FileSigExtractor is a python based tool which extracts the file signatures of all files within a directory and writes the output to a CSV…☆10Jul 15, 2023Updated 2 years ago
- Harness the power of Splunk for your investigations☆158Oct 11, 2025Updated 5 months ago
- Practical Windows Forensics Training☆754Feb 16, 2026Updated last month
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- Hunt for SQLite files used by various applications☆30Mar 1, 2026Updated 3 weeks ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆644Jun 19, 2024Updated last year
- Vault of Windows Registry forensic artifacts☆28Nov 12, 2025Updated 4 months ago
- Python script to walk a folder or a zip file for SQLite Databases☆37Sep 20, 2023Updated 2 years ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆89Feb 9, 2025Updated last year
- Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!☆464Aug 13, 2024Updated last year
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts☆79Oct 20, 2025Updated 5 months ago
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi…☆110Feb 6, 2026Updated last month
- A tool for fetching DFIR and other GitHub tools.☆26Aug 2, 2025Updated 7 months ago
- ☆35Dec 6, 2023Updated 2 years ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆12Aug 26, 2024Updated last year
- This is to edit a training forensic image file (raw/dd) and zero out all the unnecessary files.☆11Jun 21, 2025Updated 9 months ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.☆107Mar 12, 2026Updated last week
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis.☆32Nov 16, 2023Updated 2 years ago
- Is a portable forensic tool for analyzing Windows logs, pre-organized according to the methodology outlined in this job: https://cybersec…☆15Jul 19, 2025Updated 8 months ago
- This repo is about Active Directory Advanced Threat Hunting☆649Feb 17, 2025Updated last year
- MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs☆757Feb 1, 2026Updated last month
- Search Index Database Reporter☆131Oct 28, 2025Updated 4 months ago
- ☆24Mar 12, 2025Updated last year
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …☆192Oct 29, 2025Updated 4 months ago
- A simple python script to generate nested folders based on user input. The script will also name and place a template report document and…☆11Jun 19, 2025Updated 9 months ago
- Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!☆51Jan 9, 2026Updated 2 months ago
- A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P…☆27Jan 2, 2023Updated 3 years ago
- FQLite - SQLite Forensic Toolkit. FQLite is a tool to find and restore deleted records in SQlite databases. It therefore examines the dat…☆142Feb 20, 2026Updated last month
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆340Dec 3, 2025Updated 3 months ago
- A config file that's curated for DFIR examiners with shortcuts to common Windows artifacts and settings enabled that help make your life …☆39Jan 6, 2025Updated last year