Alternatives and similar repositories for regipy:

Users that are interested in regipy are comparing it to the libraries listed below

• airbus-cert / regrippy
  A modern Python-3-based alternative to RegRipper
  ☆193Updated 3 months ago
• msuhanov / dfir_ntfs
  An NTFS/FAT parser for digital forensics & incident response
  ☆200Updated 4 months ago
• davidpany / WMI_Forensics
  ☆302Updated 4 years ago
• williballenthin / EVTXtract
  EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
  ☆192Updated last week
• Velocidex / c-aff4
  An AFF4 C++ implementation.
  ☆197Updated 2 years ago
• williballenthin / INDXParse
  Tool suite for inspecting NTFS artifacts.
  ☆219Updated last year
• mbevilacqua / appcompatprocessor
  "Evolving AppCompat/AmCache data analysis beyond grep"
  ☆201Updated 3 years ago
• mandiant / ShimCacheParser
  ☆275Updated last year
• msuhanov / yarp
  Yet another registry parser
  ☆131Updated 2 years ago
• kirk-sayre-work / ViperMonkey
  A VBA parser and emulation engine to analyze malicious macros.
  ☆95Updated last month
• LDO-CERT / orochi
  The Volatility Collaborative GUI
  ☆240Updated this week
• Xumeiquer / yara-forensics
  Set of Yara rules for finding files using magics headers
  ☆136Updated 4 years ago
• MarkBaggett / ese-analyst
  This is a set of tools for doing forensics analysis on Microsoft ESE databases.
  ☆124Updated 3 years ago
• mandiant / flare-wmi
  ☆427Updated last year
• orlikoski / CDQR
  The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…
  ☆336Updated 2 years ago
• EricZimmerman / RECmd
  Command line access to the Registry
  ☆137Updated 2 months ago
• AndrewRathbun / VanillaWindowsReference
  A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …
  ☆154Updated 3 months ago
• CERT-Polska / mquery
  YARA malware query accelerator (web frontend)
  ☆422Updated this week
• EricZimmerman / evtx
  C# based evtx parser with lots of extras
  ☆293Updated last week
• mark-hallman / plaso_filters
  Scripts to facilitate filtering with Plaso
  ☆124Updated 4 years ago
• forensicanalysis / artifactcollector
  🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
  ☆281Updated last month
• rowingdude / analyzeMFT
  analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multip…
  ☆470Updated 5 months ago
• R3MRUM / PSDecode
  PowerShell script for deobfuscating encoded PowerShell scripts
  ☆424Updated 4 years ago
• OWNsecurity / fastir_artifacts
  Live forensic artifacts collector
  ☆165Updated 8 months ago
• libyal / winreg-kb
  Windows Registry Knowledge Base
  ☆173Updated 5 months ago
• muteb / Hoarder
  This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole …
  ☆198Updated 4 years ago
• MarkBaggett / srum-dump
  A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
  ☆616Updated 4 months ago
• EricZimmerman / MFTECmd
  Parses $MFT from NTFS file systems
  ☆229Updated this week
• williballenthin / python-registry
  Pure Python parser for Windows Registry hives.
  ☆428Updated last month
• advanced-threat-research / Yara-Rules
  Repository of YARA rules made by Trellix ATR Team
  ☆579Updated this week