mkorman90 / regipyLinks
Regipy is an os independent python library for parsing offline registry hives
☆262Updated last week
Alternatives and similar repositories for regipy
Users that are interested in regipy are comparing it to the libraries listed below
Sorting:
- An NTFS/FAT parser for digital forensics & incident response☆212Updated 3 weeks ago
- Tool suite for inspecting NTFS artifacts.☆225Updated last year
- A modern Python-3-based alternative to RegRipper☆197Updated 6 months ago
- An AFF4 C++ implementation.☆211Updated 2 years ago
- ☆306Updated 5 years ago
- A VBA parser and emulation engine to analyze malicious macros.☆96Updated 2 months ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆199Updated 7 months ago
- Parser for $LogFile on NTFS☆205Updated 4 months ago
- Command line access to the Registry☆157Updated last week
- Yet another registry parser☆136Updated 3 years ago
- ☆278Updated 2 years ago
- YARA malware query accelerator (web frontend)☆434Updated last month
- "Evolving AppCompat/AmCache data analysis beyond grep"☆205Updated 4 years ago
- Set of Yara rules for finding files using magics headers☆140Updated 5 years ago
- A better strings utility!☆142Updated 2 months ago
- analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multip…☆504Updated 2 months ago
- DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted …☆335Updated 8 months ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆426Updated 4 years ago
- YARA Rules I come across on the internet☆352Updated last year
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …☆181Updated 3 weeks ago
- Extract $MFT record info and log it to a csv file.☆277Updated last year
- Pure Python parser for Windows Registry hives.☆435Updated 8 months ago
- Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant☆238Updated 2 years ago
- ☆150Updated last year
- Forensics artefact collection tool for systems running Microsoft Windows☆425Updated 6 months ago
- Python bindings for https://github.com/omerbenamram/evtx/☆52Updated 8 months ago
- $MFT directory tree reconstruction & FILE record info☆314Updated last year
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆114Updated 9 months ago
- Scripts to facilitate filtering with Plaso☆127Updated 5 years ago
- The Volatility Collaborative GUI☆254Updated this week