Alternatives and similar repositories for regipy:

Users that are interested in regipy are comparing it to the libraries listed below

• airbus-cert / regrippy
  A modern Python-3-based alternative to RegRipper
  ☆192Updated 2 months ago
• davidpany / WMI_Forensics
  ☆297Updated 4 years ago
• msuhanov / dfir_ntfs
  An NTFS/FAT parser for digital forensics & incident response
  ☆198Updated 3 months ago
• williballenthin / EVTXtract
  EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
  ☆192Updated 4 years ago
• mandiant / ShimCacheParser
  ☆275Updated last year
• CERT-Polska / mquery
  YARA malware query accelerator (web frontend)
  ☆421Updated last week
• kirk-sayre-work / ViperMonkey
  A VBA parser and emulation engine to analyze malicious macros.
  ☆95Updated this week
• Velocidex / c-aff4
  An AFF4 C++ implementation.
  ☆195Updated last year
• mbevilacqua / appcompatprocessor
  "Evolving AppCompat/AmCache data analysis beyond grep"
  ☆200Updated 3 years ago
• InQuest / yara-rules
  A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
  ☆370Updated 2 years ago
• williballenthin / INDXParse
  Tool suite for inspecting NTFS artifacts.
  ☆218Updated last year
• AndrewRathbun / VanillaWindowsReference
  A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …
  ☆152Updated 2 months ago
• msuhanov / yarp
  Yet another registry parser
  ☆130Updated 2 years ago
• mandiant / flare-wmi
  ☆422Updated last year
• orlikoski / CDQR
  The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…
  ☆336Updated 2 years ago
• EricZimmerman / evtx
  C# based evtx parser with lots of extras
  ☆289Updated 2 weeks ago
• R3MRUM / PSDecode
  PowerShell script for deobfuscating encoded PowerShell scripts
  ☆424Updated 4 years ago
• Xumeiquer / yara-forensics
  Set of Yara rules for finding files using magics headers
  ☆136Updated 4 years ago
• MarkBaggett / srum-dump
  A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
  ☆603Updated 3 months ago
• JPCERTCC / MalConfScan
  Volatility plugin for extracts configuration data of known malware
  ☆487Updated last year
• mark-hallman / plaso_filters
  Scripts to facilitate filtering with Plaso
  ☆125Updated 4 years ago
• StrangerealIntel / DailyIOC
  IOC from articles, tweets for archives
  ☆313Updated last year
• williballenthin / python-registry
  Pure Python parser for Windows Registry hives.
  ☆427Updated 3 weeks ago
• dod-cyber-crime-center / DC3-MWCP
  DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted …
  ☆307Updated last week
• JPCERTCC / ToolAnalysisResultSheet
  Tool Analysis Result Sheet
  ☆347Updated 7 years ago
• mikesxrs / Open-Source-YARA-rules
  YARA Rules I come across on the internet
  ☆336Updated 10 months ago
• EricZimmerman / RECmd
  Command line access to the Registry
  ☆135Updated last month
• InQuest / iocextract
  Defanged Indicator of Compromise (IOC) Extractor.
  ☆518Updated 5 months ago
• joesecurity / sigma-rules
  Sigma rules from Joe Security
  ☆206Updated 3 months ago
• rowingdude / analyzeMFT
  analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multip…
  ☆461Updated 4 months ago