Alternatives and similar repositories for libfwsi:

Users that are interested in libfwsi are comparing it to the libraries listed below

• EricZimmerman / Lnk
  Lnk file parser
  ☆86Updated 2 months ago
• EricZimmerman / GuidMapping
  ☆18Updated 3 months ago
• libyal / winreg-kb
  Windows Registry Knowledge Base
  ☆173Updated 6 months ago
• strozfriedberg / ntfs-linker
  An NTFS journal parser
  ☆82Updated 9 years ago
• williballenthin / shellbags
  Cross-platform, open-source shellbag parser
  ☆150Updated 2 years ago
• msuhanov / yarp
  Yet another registry parser
  ☆132Updated 3 years ago
• EricZimmerman / Prefetch
  Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.
  ☆112Updated 3 months ago
• msuhanov / regf-samples
  Windows registry samples
  ☆23Updated 6 years ago
• jschicht / Secure2Csv
  Decode security descriptors in $Secure on NTFS
  ☆20Updated 3 years ago
• kacos2000 / Win10
  Win 10/11 related research
  ☆184Updated last year
• EricZimmerman / RegistryPlugins
  ☆65Updated last month
• mattifestation / BCD
  BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi…
  ☆60Updated 4 years ago
• woanware / autorunner
  Emulates the Sysinternals Autoruns tool, but for DFIR purposes e.g. multi user processing
  ☆55Updated 5 years ago
• EricZimmerman / RegistryExplorerBookmarks
  Registry Explorer bookmark definitions
  ☆41Updated 4 months ago
• williballenthin / INDXParse
  Tool suite for inspecting NTFS artifacts.
  ☆221Updated last year
• EricZimmerman / Registry
  Full featured, offline Registry parser in C#
  ☆229Updated 3 months ago
• libyal / libregf
  Library and tools to access the Windows NT Registry File (REGF) format
  ☆116Updated 8 months ago
• kacos2000 / WindowsTimeline
  Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
  ☆188Updated 2 years ago
• msuhanov / regf
  Windows registry file format specification
  ☆336Updated 6 years ago
• Silv3rHorn / ArtifactExtractor
  Extract common Windows artifacts from source images and VSCs
  ☆65Updated 3 years ago
• EricZimmerman / RECmd
  Command line access to the Registry
  ☆142Updated 2 weeks ago
• EricZimmerman / ExtensionBlocks
  Extension blocks as found in ShellBags and other places in the Registry
  ☆24Updated 3 months ago
• woanware / wmi-parser
  Parses the WMI object database....looking for persistence
  ☆31Updated 5 years ago
• kacos2000 / MFT_Record_Viewer
  $MFT Record Viewer
  ☆22Updated 2 years ago
• libyal / libscca
  Library and tools to access the Windows Prefetch File (SCCA) format.
  ☆73Updated 3 months ago
• Paul-Tew / lifer
  Windows link file (shortcuts) examiner
  ☆68Updated 10 months ago
• EricZimmerman / JumpList
  ☆116Updated 2 months ago
• EricZimmerman / MFT
  MFT parser
  ☆65Updated 2 months ago
• libyal / libyal
  Yet another library library (and tools)
  ☆207Updated 3 months ago
• libyal / esedb-kb
  Extensible Storage Engine (ESE) Database File Knowledge Base
  ☆43Updated 6 months ago