Seabreg / Regshot
Regshot is a small, free and open-source registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product
☆304Updated 5 years ago
Related projects ⓘ
Alternatives and complementary repositories for Regshot
- Prefetch Explorer Command Line☆220Updated last month
- Lnk Explorer Command line edition!!☆275Updated 4 months ago
- Arsenal Image Mounter mounts the contents of disk images as complete disks in Microsoft Windows.☆520Updated 2 months ago
- Extract $MFT record info and log it to a csv file.�☆258Updated last month
- The multi-platform memory acquisition tool.☆689Updated 3 months ago
- RegRipper3.0☆554Updated last week
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆534Updated last week
- Windows Registry Knowledge Base☆162Updated last month
- Parses $MFT from NTFS file systems☆198Updated last week
- ☆138Updated 10 years ago
- 🚀AutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitima…☆255Updated 6 months ago
- Forensics tool for NTFS (parser, mft, bitlocker, deleted files)☆477Updated last year
- Content for sysinternals.com☆65Updated 5 years ago
- Encyclopedia for Executables☆416Updated 3 years ago
- Commandline low level file extractor for NTFS☆274Updated 5 years ago
- Sysmon configuration file template with default high-quality event tracing☆454Updated 9 months ago
- C# based evtx parser with lots of extras☆280Updated 2 months ago
- A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.☆595Updated 11 months ago
- A PowerShell script that attempts to help malware analysts hide their Windows VirtualBox Windows VM's from malware that may be trying to …☆277Updated last year
- $MFT directory tree reconstruction & FILE record info☆292Updated last month
- Living Off The Land Drivers☆1,029Updated last month
- Event Tracing For Windows (ETW) Resources☆348Updated last month
- Parses amcache.hve files, but with a twist!☆118Updated 2 months ago
- A wireshark plugin to instrument ETW☆534Updated 2 years ago
- Total Registry - enhanced Registry editor/viewer☆1,388Updated 3 weeks ago
- ☆105Updated 2 months ago
- PE-bear (builds only)☆768Updated last year
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆109Updated this week
- ☆481Updated 2 months ago
- Get all my software☆141Updated last month