msuhanov/regf

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/msuhanov/regf)

msuhanov / regf

Windows registry file format specification

☆364

Alternatives and similar repositories for regf

Users that are interested in regf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

msuhanov / yarp
View on GitHub
Yet another registry parser
☆137Apr 15, 2022Updated 4 years ago
msuhanov / regf-samples
View on GitHub
Windows registry samples
☆24Nov 18, 2018Updated 7 years ago
rsa9000 / regfanalysistools
View on GitHub
Low-level MS Windows registry files analysis tools
☆19May 5, 2016Updated 10 years ago
libyal / libregf
View on GitHub
Library and tools to access the Windows NT Registry File (REGF) format
☆133Updated this week
msuhanov / dfir_ntfs
View on GitHub
An NTFS/FAT parser for digital forensics & incident response
☆233Oct 31, 2025Updated 6 months ago
Deploy to Railway using AI coding agents - Free Credits Offer • Ad
Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
libyal / winreg-kb
View on GitHub
Windows Registry Knowledge Base
☆195May 16, 2026Updated last week
wbenny / EtwConsumerNT
View on GitHub
Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
☆148Feb 23, 2019Updated 7 years ago
jschicht / LogFileParser
View on GitHub
Parser for $LogFile on NTFS
☆217Jun 1, 2025Updated 11 months ago
kacos2000 / Win10
View on GitHub
Win 10/11 related research
☆200Dec 19, 2023Updated 2 years ago
OMENScan / AChoir
View on GitHub
Windows Live Artifacts Acquisition Script
☆192Jun 20, 2022Updated 3 years ago
helpsystems / Agafi
View on GitHub
A gadget finder and a ROP-Chainer tool for x86 platforms
☆95Jun 13, 2021Updated 4 years ago
uyjulian / ao_hook
View on GitHub
☆10Sep 29, 2019Updated 6 years ago
yisonPylkita / powershell_cpp
View on GitHub
PowerShell interpreter for unmanaged (non CLI) C++ projects
☆16Jul 19, 2017Updated 8 years ago
ColinFinck / nt-hive
View on GitHub
Rust crate for accessing keys, values, and data stored in Windows hive (registry) files.
☆54Jan 21, 2025Updated last year
Simple, predictable pricing with DigitalOcean hosting • Ad
Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
Silv3rHorn / 4n6_misc
View on GitHub
Miscellaneous Scripts
☆17Sep 11, 2020Updated 5 years ago
jschicht / RawCopy
View on GitHub
Commandline low level file extractor for NTFS
☆318Jul 30, 2019Updated 6 years ago
Velocidex / evtx-data
View on GitHub
Publicly shareable windows event log message data
☆29Nov 29, 2019Updated 6 years ago
ghonsa / DeviceDmp
View on GitHub
Windows device tree walker
☆15Sep 19, 2018Updated 7 years ago
keydet89 / Tools
View on GitHub
Tools from WFA 4/e, timeline tools, etc.
☆145Feb 29, 2024Updated 2 years ago
PoorBillionaire / Windows-Prefetch-Parser
View on GitHub
Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files
☆122May 29, 2024Updated last year
changeofpace / Remote-Process-Cookie-for-Windows-7
View on GitHub
Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.
☆23May 31, 2017Updated 8 years ago
forensicmatt / RustyUsn
View on GitHub
USN to JSON
☆22Apr 4, 2020Updated 6 years ago
AndrewRathbun / EventTranscript.db-Research
View on GitHub
A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
☆43Jul 18, 2022Updated 3 years ago
GPU virtual machines on DigitalOcean Gradient AI • Ad
Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
forensicmatt / RustyLnk
View on GitHub
LNK to JSON
☆14Mar 7, 2019Updated 7 years ago
msuiche / LiveCloudKd
View on GitHub
Hyper-V Research is trendy now
☆200May 6, 2024Updated 2 years ago
slackspace-lab / x-tension-c-sharp
View on GitHub
An updated C# port of X-Ways X-Tensions API.
☆11Mar 12, 2018Updated 8 years ago
davidpany / WMI_Forensics
View on GitHub
☆313Aug 14, 2020Updated 5 years ago
AndreyBazhan / DbgExt
View on GitHub
Debugger extension for the Debugging Tools for Windows (WinDbg, KD, CDB, NTSD).
☆68Nov 14, 2016Updated 9 years ago
kedebug / ScDetective
View on GitHub
A kernel level anti-rootkit tool which runs on the windows platform.
☆90Apr 18, 2014Updated 12 years ago
mandiant / flare-wmi
View on GitHub
☆433May 3, 2023Updated 3 years ago
dfirlabs / ntfs-specimens
View on GitHub
NTFS file system specimens
☆13Updated this week
honorarybot / PulseDbg
View on GitHub
Hypervisor-based debugger
☆191Dec 2, 2020Updated 5 years ago
1-Click AI Models by DigitalOcean Gradient • Ad
Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
williballenthin / process-forest
View on GitHub
Reconstruct process trees from event logs
☆148Aug 12, 2020Updated 5 years ago
ydkhatri / jarp
View on GitHub
Just Another broken Registry Parser (JARP)
☆16May 23, 2024Updated 2 years ago
tandasat / MemoryMon
View on GitHub
Detecting execution of kernel memory where is not backed by any image file
☆261Jul 11, 2018Updated 7 years ago
almost-real / IDBG
View on GitHub
Allows you to add breakpoints from IDA (from the graph/text view) to WinDbg easily
☆14Oct 10, 2018Updated 7 years ago
airbus-cert / regrippy
View on GitHub
A modern Python-3-based alternative to RegRipper
☆213May 12, 2026Updated last week
Prevenity / malware_monitor
View on GitHub
Malware monitor template based on MinHook
☆17Mar 29, 2015Updated 11 years ago
EricZimmerman / Registry
View on GitHub
Full featured, offline Registry parser in C#
☆254Apr 26, 2026Updated 3 weeks ago