msuhanov / regf
Windows registry file format specification
☆336, updated 6 years ago
Alternatives and similar repositories for regf:
Users that are interested in regf are comparing it to the libraries listed below
- FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis ☆161, updated 4 months ago
- Tool suite for inspecting NTFS artifacts. ☆220, updated last year
- Library and tools to access the Windows XML Event Log (EVTX) format ☆199, updated 6 months ago
- Incident Response & Digital Forensics Debugging Extension ☆378, updated 6 years ago
- Windows Registry Knowledge Base ☆173, updated 6 months ago
- An NTFS/FAT parser for digital forensics & incident response ☆202, updated 5 months ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions ☆293, updated 11 months ago
- ☆428, updated last year
- Yet another library library (and tools) ☆207, updated 3 months ago
- Full featured, offline Registry parser in C# ☆228, updated 3 months ago
- Library and tools to access the Windows New Technology File System (NTFS) ☆202, updated 9 months ago
- View ETW Provider manifest ☆475, updated 5 months ago
- Library and tools to access the Windows NT Registry File (REGF) format ☆116, updated 7 months ago
- ETW Python Library ☆279, updated last year
- Parser for $LogFile on NTFS ☆193, updated last year
- Comae Hibernation File Decompressor ☆148, updated 2 years ago
- Parser for $UsnJrnl on NTFS ☆110, updated 2 years ago
- zer0m0n driver for cuckoo sandbox ☆359, updated 9 years ago
- A VBA p-code disassembler ☆466, updated 3 years ago
- Portable Executable parsing library (from PE-bear) ☆658, updated this week
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10. ☆112, updated 3 months ago
- Extract Windows Defender database from vdm files and unpack it ☆439, updated 5 years ago
- Regipy is an OS-independent Python library for parsing offline registry hives ☆254, updated this week
- Source code for File Test - Interactive File System Test Tool ☆282, updated 3 weeks ago
- Tool to extract the $UsnJrnl from an NTFS volume ☆107, updated 5 years ago
- Quickly debug shellcode extracted during malware analysis ☆596, updated last year
- Expand compressed files from WinSxS folder ☆157, updated 9 months ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) ☆109, updated 4 years ago
- Yet another registry parser ☆132, updated 3 years ago
- Extract AutoIt scripts embedded in PE binaries ☆181, updated 9 months ago