☆174Aug 25, 2023Updated 2 years ago
Alternatives and similar repositories for Windows-Registry-Analysis-Cheat-Sheet
Users that are interested in Windows-Registry-Analysis-Cheat-Sheet are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆69Sep 13, 2023Updated 2 years ago
- Tools for Incident Response and Malware Analysis☆11Feb 9, 2025Updated last year
- A hex viewer for the sleuths!☆20Nov 7, 2025Updated 5 months ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- USN Journal full path builder☆69Apr 16, 2026Updated 2 weeks ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Web app built to allow digital forensic professionals to search for the forensic tools that will parse artifacts from various apps.☆18Apr 30, 2025Updated last year
- StickyParser - Sticky Notes Forensic. A Windows Sticky Notes Praser (snt and plum.sqlite supported). Additional Feature: SQLite Recovery …☆21Jul 18, 2023Updated 2 years ago
- Contains compiled binaries of Volatility☆36May 18, 2025Updated 11 months ago
- FileSigExtractor is a python based tool which extracts the file signatures of all files within a directory and writes the output to a CSV…☆10Jul 15, 2023Updated 2 years ago
- Practical Windows Forensics Training☆764Feb 16, 2026Updated 2 months ago
- Harness the power of Splunk for your investigations☆162Oct 11, 2025Updated 6 months ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆118Jan 26, 2022Updated 4 years ago
- Hunt for SQLite files used by various applications☆31Mar 1, 2026Updated 2 months ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆647Jun 19, 2024Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Vault of Windows Registry forensic artifacts☆30Nov 12, 2025Updated 5 months ago
- Python script to walk a folder or a zip file for SQLite Databases☆37Sep 20, 2023Updated 2 years ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆89Feb 9, 2025Updated last year
- Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!☆475Aug 13, 2024Updated last year
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts☆80Oct 20, 2025Updated 6 months ago
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi…☆111Feb 6, 2026Updated 2 months ago
- ☆35Dec 6, 2023Updated 2 years ago
- A tool for fetching DFIR and other GitHub tools.☆27Aug 2, 2025Updated 8 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.��☆12Aug 26, 2024Updated last year
- This is to edit a training forensic image file (raw/dd) and zero out all the unnecessary files.☆11Jun 21, 2025Updated 10 months ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.☆108Mar 12, 2026Updated last month
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis.☆34Nov 16, 2023Updated 2 years ago
- Is a portable forensic tool for analyzing Windows logs, pre-organized according to the methodology outlined in this job: https://cybersec…☆16Jul 19, 2025Updated 9 months ago
- This repo is about Active Directory Advanced Threat Hunting☆650Feb 17, 2025Updated last year
- MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs☆758Feb 1, 2026Updated 3 months ago
- Search Index Database Reporter☆136Oct 28, 2025Updated 6 months ago
- ☆24Mar 12, 2025Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A simple python script to generate nested folders based on user input. The script will also name and place a template report document and…☆12Jun 19, 2025Updated 10 months ago
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …☆197Oct 29, 2025Updated 6 months ago
- A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P…☆27Jan 2, 2023Updated 3 years ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆340Dec 3, 2025Updated 4 months ago
- FQLite - SQLite Forensic Toolkit. FQLite is a tool to find and restore deleted records in SQlite databases. It therefore examines the dat…☆149Feb 20, 2026Updated 2 months ago
- Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!☆53Jan 9, 2026Updated 3 months ago
- A config file that's curated for DFIR examiners with shortcuts to common Windows artifacts and settings enabled that help make your life …☆40Jan 6, 2025Updated last year