libyal / winreg-kb
Windows Registry Knowledge Base
☆172Updated 5 months ago
Alternatives and similar repositories for winreg-kb:
Users that are interested in winreg-kb are comparing it to the libraries listed below
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆114Updated 2 months ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆111Updated 2 months ago
- Command line access to the Registry☆137Updated last month
- Parser for $UsnJrnl on NTFS☆109Updated 2 years ago
- $MFT directory tree reconstruction & FILE record info☆297Updated 5 months ago
- An NTFS/FAT parser for digital forensics & incident response☆199Updated 4 months ago
- Lnk Explorer Command line edition!!☆290Updated 2 months ago
- Parses amcache.hve files, but with a twist!☆130Updated 2 months ago
- C# based evtx parser with lots of extras☆290Updated last month
- ☆62Updated last week
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)☆181Updated 2 years ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆73Updated 2 months ago
- Event Tracing For Windows (ETW) Resources☆362Updated 5 months ago
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …☆153Updated 3 months ago
- MFT parser☆64Updated last month
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆214Updated 5 years ago
- Carve file metadata from NTFS index ($I30) attributes☆63Updated last year
- Tool suite for inspecting NTFS artifacts.☆219Updated last year
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆64Updated 2 years ago
- A guide on how to write fast and memory friendly YARA rules☆141Updated last month
- Win 10/11 related research☆184Updated last year
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆113Updated 3 years ago
- Parser for $LogFile on NTFS☆192Updated last year
- An AFF4 C++ implementation.☆196Updated last year
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆286Updated 10 months ago
- ☆67Updated 2 weeks ago
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆45Updated last year
- Yet another registry parser☆131Updated 2 years ago
- ☆91Updated 2 years ago
- ☆146Updated 9 months ago