msuhanov/regf

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/msuhanov/regf)

msuhanov / regf

Windows registry file format specification

☆355

Alternatives and similar repositories for regf

Users that are interested in regf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

msuhanov / yarp
View on GitHub
Yet another registry parser
☆137Apr 15, 2022Updated 3 years ago
msuhanov / regf-samples
View on GitHub
Windows registry samples
☆24Nov 18, 2018Updated 7 years ago
rsa9000 / regfanalysistools
View on GitHub
Low-level MS Windows registry files analysis tools
☆19May 5, 2016Updated 9 years ago
libyal / libregf
View on GitHub
Library and tools to access the Windows NT Registry File (REGF) format
☆133Dec 19, 2025Updated 3 months ago
msuhanov / dfir_ntfs
View on GitHub
An NTFS/FAT parser for digital forensics & incident response
☆224Oct 31, 2025Updated 4 months ago
Open source password manager - Proton Pass • Ad
Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
libyal / winreg-kb
View on GitHub
Windows Registry Knowledge Base
☆195Dec 23, 2025Updated 3 months ago
wbenny / EtwConsumerNT
View on GitHub
Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
☆146Feb 23, 2019Updated 7 years ago
jschicht / LogFileParser
View on GitHub
Parser for $LogFile on NTFS
☆215Jun 1, 2025Updated 9 months ago
kacos2000 / Win10
View on GitHub
Win 10/11 related research
☆198Dec 19, 2023Updated 2 years ago
OMENScan / AChoir
View on GitHub
Windows Live Artifacts Acquisition Script
☆190Jun 20, 2022Updated 3 years ago
helpsystems / Agafi
View on GitHub
A gadget finder and a ROP-Chainer tool for x86 platforms
☆95Jun 13, 2021Updated 4 years ago
uyjulian / ao_hook
View on GitHub
☆10Sep 29, 2019Updated 6 years ago
yisonPylkita / powershell_cpp
View on GitHub
PowerShell interpreter for unmanaged (non CLI) C++ projects
☆16Jul 19, 2017Updated 8 years ago
jschicht / RawCopy
View on GitHub
Commandline low level file extractor for NTFS
☆313Jul 30, 2019Updated 6 years ago
Virtual machines for every use case on DigitalOcean • Ad
Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
Silv3rHorn / 4n6_misc
View on GitHub
Miscellaneous Scripts
☆17Sep 11, 2020Updated 5 years ago
Velocidex / evtx-data
View on GitHub
Publicly shareable windows event log message data
☆28Nov 29, 2019Updated 6 years ago
ghonsa / DeviceDmp
View on GitHub
Windows device tree walker
☆15Sep 19, 2018Updated 7 years ago
keydet89 / Tools
View on GitHub
Tools from WFA 4/e, timeline tools, etc.
☆145Feb 29, 2024Updated 2 years ago
PoorBillionaire / Windows-Prefetch-Parser
View on GitHub
Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files
☆122May 29, 2024Updated last year
changeofpace / Remote-Process-Cookie-for-Windows-7
View on GitHub
Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.
☆23May 31, 2017Updated 8 years ago
forensicmatt / RustyUsn
View on GitHub
USN to JSON
☆22Apr 4, 2020Updated 5 years ago
AndrewRathbun / EventTranscript.db-Research
View on GitHub
A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
☆44Jul 18, 2022Updated 3 years ago
forensicmatt / RustyLnk
View on GitHub
LNK to JSON
☆14Mar 7, 2019Updated 7 years ago
Managed Database hosting by DigitalOcean • Ad
PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
jp-slackspace / x-tension-c-sharp
View on GitHub
An updated C# port of X-Ways X-Tensions API.
☆11Mar 12, 2018Updated 8 years ago
msuiche / LiveCloudKd
View on GitHub
Hyper-V Research is trendy now
☆199May 6, 2024Updated last year
davidpany / WMI_Forensics
View on GitHub
☆310Aug 14, 2020Updated 5 years ago
AndreyBazhan / DbgExt
View on GitHub
Debugger extension for the Debugging Tools for Windows (WinDbg, KD, CDB, NTSD).
☆69Nov 14, 2016Updated 9 years ago
kedebug / ScDetective
View on GitHub
A kernel level anti-rootkit tool which runs on the windows platform.
☆92Apr 18, 2014Updated 11 years ago
mandiant / flare-wmi
View on GitHub
☆432May 3, 2023Updated 2 years ago
dfirlabs / ntfs-specimens
View on GitHub
NTFS file system specimens
☆13Jul 3, 2023Updated 2 years ago
williballenthin / process-forest
View on GitHub
Reconstruct process trees from event logs
☆147Aug 12, 2020Updated 5 years ago
honorarybot / PulseDbg
View on GitHub
Hypervisor-based debugger
☆191Dec 2, 2020Updated 5 years ago
Simple, predictable pricing with DigitalOcean hosting • Ad
Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
ydkhatri / jarp
View on GitHub
Just Another broken Registry Parser (JARP)
☆16May 23, 2024Updated last year
tandasat / MemoryMon
View on GitHub
Detecting execution of kernel memory where is not backed by any image file
☆262Jul 11, 2018Updated 7 years ago
almost-real / IDBG
View on GitHub
Allows you to add breakpoints from IDA (from the graph/text view) to WinDbg easily
☆14Oct 10, 2018Updated 7 years ago
Cr4sh / PTBypass-PoC
View on GitHub
Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.
☆79Jan 24, 2011Updated 15 years ago
airbus-cert / regrippy
View on GitHub
A modern Python-3-based alternative to RegRipper
☆208Mar 31, 2025Updated 11 months ago
Prevenity / malware_monitor
View on GitHub
Malware monitor template based on MinHook
☆17Mar 29, 2015Updated 10 years ago
EricZimmerman / Registry
View on GitHub
Full featured, offline Registry parser in C#
☆247Feb 7, 2026Updated last month