Windows Registry Knowledge Base
☆195Dec 23, 2025Updated 2 months ago
Alternatives and similar repositories for winreg-kb
Users that are interested in winreg-kb are comparing it to the libraries listed below
Sorting:
- Digital Forensics Artifacts Knowledge Base☆89Dec 23, 2025Updated 2 months ago
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆53Oct 29, 2025Updated 4 months ago
- Windows registry samples☆24Nov 18, 2018Updated 7 years ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆43Jul 18, 2022Updated 3 years ago
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.☆15Jul 13, 2023Updated 2 years ago
- Documentation repository☆47Feb 11, 2026Updated 3 weeks ago
- Windows Event Log Knowledge Base☆31Dec 23, 2025Updated 2 months ago
- Extensible Storage Engine (ESE) Database File Knowledge Base☆46Dec 23, 2025Updated 2 months ago
- Windows registry file format specification☆355Oct 27, 2018Updated 7 years ago
- Parse Microsoft shim databases☆32Jan 8, 2025Updated last year
- Digital Forensics Windows Registry (dfWinReg)☆54Dec 22, 2025Updated 2 months ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.☆20Jul 1, 2023Updated 2 years ago
- ☆18Mar 28, 2023Updated 2 years ago
- Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!☆51Jan 9, 2026Updated last month
- Parser for $LogFile on NTFS☆215Jun 1, 2025Updated 9 months ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆646Nov 7, 2025Updated 3 months ago
- Event Tracing For Windows (ETW) Resources☆417Oct 30, 2025Updated 4 months ago
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser☆44Updated this week
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆12Aug 26, 2024Updated last year
- ☆77Updated this week
- Digital Forensics artifact repository☆1,208Feb 11, 2026Updated 3 weeks ago
- USN Journal full path builder☆66Sep 16, 2024Updated last year
- Blueteam operational triage registry hunting/forensic tool.☆149Sep 2, 2025Updated 6 months ago
- An NTFS/FAT parser for digital forensics & incident response☆220Oct 31, 2025Updated 4 months ago
- Search Index Database Reporter☆131Oct 28, 2025Updated 4 months ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆644Jun 19, 2024Updated last year
- Document ETW providers☆272Mar 28, 2020Updated 5 years ago
- Yet another registry parser☆138Apr 15, 2022Updated 3 years ago
- Library to process OLE compound file format. This is a work in progress and was initially written for jumplist parsing (for which it does…☆19Feb 2, 2025Updated last year
- This repository serves as a place for community created Targets and Modules for use with KAPE.☆817Feb 26, 2026Updated last week
- A curated list of KAPE-related resources☆182May 1, 2025Updated 10 months ago
- This is a repository for reporting any issues in any of my software☆13May 15, 2018Updated 7 years ago
- NTFS file system specimens☆13Jul 3, 2023Updated 2 years ago
- A Windows registry file parser written in Rust☆41Oct 30, 2025Updated 4 months ago
- A config file that's curated for DFIR examiners with shortcuts to common Windows artifacts and settings enabled that help make your life …☆39Jan 6, 2025Updated last year
- geolocate ip addresses in IIS logs☆20Jan 8, 2025Updated last year
- Decode security descriptors in $Secure on NTFS☆22Feb 24, 2022Updated 4 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago