msuhanov / regf
Windows registry file format specification
☆335, updated 6 years ago
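As an added example (not code from the regf specification or from any of the projects listed below), the following Python parses the REGF base block this specification describes, recomputes its XOR-32 checksum, flags a dirty hive (primary and secondary sequence numbers differ, so the transaction log still has to be applied), walks the hive bin chain, and reads the root key node's name. The sample hive it operates on is constructed inline and is not a real registry file; field offsets follow the base block, hive bin and key node layouts as documented in the specification, and the root key name and version number are made up for the example.

```python
import struct
from dataclasses import dataclass

BASE_BLOCK_SIZE = 4096     # the base block is always one 4 KiB page
HBIN_HEADER_SIZE = 32      # "hbin" header that precedes the cells of each hive bin


@dataclass
class BaseBlock:
    primary_seq: int
    secondary_seq: int
    major: int
    minor: int
    root_cell_offset: int   # relative to the start of hive bins data (file offset 4096)
    hbins_data_size: int
    stored_checksum: int
    computed_checksum: int

    @property
    def dirty(self) -> bool:
        # Unequal sequence numbers: a write to the primary file was not completed,
        # so the .LOG transaction logs must be replayed before trusting the hive.
        return self.primary_seq != self.secondary_seq

    @property
    def checksum_ok(self) -> bool:
        return self.stored_checksum == self.computed_checksum


def base_block_checksum(block: bytes) -> int:
    """XOR-32 over the first 508 bytes (127 DWORDs); 0xFFFFFFFF and 0 are remapped."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        x ^= dword
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return 1 if x == 0 else x


def parse_base_block(data: bytes) -> BaseBlock:
    if len(data) < BASE_BLOCK_SIZE or data[:4] != b"regf":
        raise ValueError("not a REGF hive: bad size or signature")
    # offsets 4..44: primary seq, secondary seq, timestamp, major, minor,
    # file type, file format, root cell offset, hive bins data size
    prim, sec, _ts, major, minor, _ftype, _fmt, root, hbsize = struct.unpack_from("<IIQIIIIII", data, 4)
    (stored,) = struct.unpack_from("<I", data, 508)
    return BaseBlock(prim, sec, major, minor, root, hbsize, stored, base_block_checksum(data))


def iter_hbins(data: bytes, bb: BaseBlock):
    """Yield (file_offset, size) for every hive bin, validating the header chain."""
    pos, end = BASE_BLOCK_SIZE, BASE_BLOCK_SIZE + bb.hbins_data_size
    while pos < end:
        if pos + HBIN_HEADER_SIZE > len(data):
            raise ValueError(f"hive truncated inside hive bin header at {pos:#x}")
        sig, rel_off, size = struct.unpack_from("<4sII", data, pos)
        if sig != b"hbin" or rel_off != pos - BASE_BLOCK_SIZE or size == 0 or size % 4096:
            raise ValueError(f"bad hive bin header at file offset {pos:#x}")
        yield pos, size
        pos += size


def root_key_name(data: bytes, bb: BaseBlock) -> str:
    """Read the name of the root key node ("nk" cell) the base block points to."""
    cell = BASE_BLOCK_SIZE + bb.root_cell_offset
    (cell_size,) = struct.unpack_from("<i", data, cell)   # negative size = allocated cell
    if cell_size >= 0 or data[cell + 4:cell + 6] != b"nk":
        raise ValueError("root cell is not an allocated key node")
    nk = cell + 4
    (flags,) = struct.unpack_from("<H", data, nk + 2)
    (name_len,) = struct.unpack_from("<H", data, nk + 72)
    name = data[nk + 76:nk + 76 + name_len]
    # KEY_COMP_NAME (0x20): name stored as 8-bit characters, otherwise UTF-16LE
    return name.decode("latin-1") if flags & 0x20 else name.decode("utf-16-le")


def check_hive(data: bytes) -> dict:
    bb = parse_base_block(data)
    return {
        "version": f"{bb.major}.{bb.minor}",
        "dirty": bb.dirty,
        "checksum_ok": bb.checksum_ok,
        "hive_bins": len(list(iter_hbins(data, bb))),
        "root_key": root_key_name(data, bb),
    }


def build_sample_hive(dirty: bool = False, corrupt_checksum: bool = False) -> bytes:
    """Constructed minimal hive (not a real file): base block + one hive bin with a root nk cell."""
    name = b"CMI-CreateHive{SAMPLE}"                        # constructed root key name
    nk = b"nk" + struct.pack("<H", 0x2C) + b"\x00" * 68      # flags: COMP_NAME|NO_DELETE|HIVE_ENTRY
    nk += struct.pack("<HH", len(name), 0) + name            # name length, class name length, name
    cell_len = (4 + len(nk) + 7) // 8 * 8                    # cells are 8-byte aligned
    cell = struct.pack("<i", -cell_len) + nk                 # negative size marks the cell allocated
    cell += b"\x00" * (cell_len - len(cell))
    hbin = b"hbin" + struct.pack("<II", 0, 4096) + b"\x00" * 20 + cell
    free = 4096 - len(hbin)                                  # rest of the bin is one free cell
    hbin += struct.pack("<i", free) + b"\x00" * (free - 4)
    bb = bytearray(BASE_BLOCK_SIZE)
    bb[0:4] = b"regf"
    prim, sec = (7, 6) if dirty else (7, 7)
    struct.pack_into("<IIQIIIIII", bb, 4, prim, sec, 0, 1, 5, 0, 1, HBIN_HEADER_SIZE, 4096)
    struct.pack_into("<I", bb, 508, base_block_checksum(bytes(bb)) ^ (1 if corrupt_checksum else 0))
    return bytes(bb) + hbin


if __name__ == "__main__":
    print(check_hive(build_sample_hive()))
    print(check_hive(build_sample_hive(dirty=True, corrupt_checksum=True)))
```

On a real hive, treat `dirty=True` as a stop sign rather than a warning: the hive bins data size and root cell offset in the base block may describe the state before the interrupted write, so a parser that ignores the transaction logs can walk stale or partially updated cells. The checksum only covers the first 508 bytes of the base block; it says nothing about the integrity of the hive bins themselves, which is why the example also validates every `hbin` header against its expected relative offset.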
Alternatives and similar repositories for regf:
Users that are interested in regf are comparing it to the libraries listed below
- Yet another library library (and tools) (☆206, updated 3 months ago)
- Windows Registry Knowledge Base (☆173, updated 5 months ago)
- ETW Python Library (☆279, updated last year)
- FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis (☆161, updated 3 months ago)
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions (☆289, updated 10 months ago)
- (no description) (☆427, updated last year)
- Tool suite for inspecting NTFS artifacts. (☆219, updated last year)
- Library and tools to access the Windows XML Event Log (EVTX) format (☆197, updated 6 months ago)
- Library and tools to access the Windows New Technology File System (NTFS) (☆201, updated 8 months ago)
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10. (☆111, updated 2 months ago)
- Incident Response & Digital Forensics Debugging Extension (☆377, updated 6 years ago)
- View ETW Provider manifest (☆465, updated 4 months ago)
- Library and tools to access the Windows NT Registry File (REGF) format (☆115, updated 7 months ago)
- Full featured, offline Registry parser in C# (☆226, updated 2 months ago)
- Regipy is an OS-independent Python library for parsing offline registry hives (☆254, updated 3 months ago)
- Library and tools to access the Windows Prefetch File (SCCA) format. (☆73, updated 3 months ago)
- Comae Hibernation File Decompressor (☆146, updated last year)
- Portable Executable parsing library (from PE-bear) (☆655, updated 6 months ago)
- A YARA-integrated process denial framework for Windows (☆398, updated 5 years ago)
- Process Spawn Control is a PowerShell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launche… (☆260, updated 3 years ago)
- Tool to view and create Microsoft shim database files (SDB). (☆113, updated 7 years ago)
- Lnk Explorer Command line edition!! (☆293, updated 2 months ago)
- Extract Windows Defender database from vdm files and unpack it (☆437, updated 5 years ago)
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect … (☆132, updated 2 years ago)
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) (☆109, updated 4 years ago)
- Print compiler information stored in Rich Header of PE executables. (☆130, updated 2 weeks ago)
- Sysmon-like research tool for ETW (☆352, updated 2 years ago)
- (no description) (☆213, updated 6 years ago)
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro… (☆151, updated 4 years ago)
- Experiments (☆452, updated 5 months ago)