msuhanov/regf

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/msuhanov/regf)

msuhanov / regf

Windows registry file format specification

☆355

Alternatives and similar repositories for regf

Users that are interested in regf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

msuhanov / yarp
View on GitHub
Yet another registry parser
☆137Apr 15, 2022Updated 3 years ago
msuhanov / regf-samples
View on GitHub
Windows registry samples
☆24Nov 18, 2018Updated 7 years ago
rsa9000 / regfanalysistools
View on GitHub
Low-level MS Windows registry files analysis tools
☆19May 5, 2016Updated 9 years ago
libyal / libregf
View on GitHub
Library and tools to access the Windows NT Registry File (REGF) format
☆133Dec 19, 2025Updated 3 months ago
msuhanov / dfir_ntfs
View on GitHub
An NTFS/FAT parser for digital forensics & incident response
☆225Oct 31, 2025Updated 5 months ago
Serverless GPU API endpoints on Runpod - Bonus Credits • Ad
Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
libyal / winreg-kb
View on GitHub
Windows Registry Knowledge Base
☆195Updated this week
wbenny / EtwConsumerNT
View on GitHub
Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
☆147Feb 23, 2019Updated 7 years ago
jschicht / LogFileParser
View on GitHub
Parser for $LogFile on NTFS
☆216Jun 1, 2025Updated 10 months ago
kacos2000 / Win10
View on GitHub
Win 10/11 related research
☆198Dec 19, 2023Updated 2 years ago
OMENScan / AChoir
View on GitHub
Windows Live Artifacts Acquisition Script
☆191Jun 20, 2022Updated 3 years ago
helpsystems / Agafi
View on GitHub
A gadget finder and a ROP-Chainer tool for x86 platforms
☆95Jun 13, 2021Updated 4 years ago
uyjulian / ao_hook
View on GitHub
☆10Sep 29, 2019Updated 6 years ago
yisonPylkita / powershell_cpp
View on GitHub
PowerShell interpreter for unmanaged (non CLI) C++ projects
☆16Jul 19, 2017Updated 8 years ago
ColinFinck / nt-hive
View on GitHub
Rust crate for accessing keys, values, and data stored in Windows hive (registry) files.
☆53Jan 21, 2025Updated last year
Managed Kubernetes at scale on DigitalOcean • Ad
DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
jschicht / RawCopy
View on GitHub
Commandline low level file extractor for NTFS
☆315Jul 30, 2019Updated 6 years ago
Silv3rHorn / 4n6_misc
View on GitHub
Miscellaneous Scripts
☆17Sep 11, 2020Updated 5 years ago
Velocidex / evtx-data
View on GitHub
Publicly shareable windows event log message data
☆28Nov 29, 2019Updated 6 years ago
ghonsa / DeviceDmp
View on GitHub
Windows device tree walker
☆15Sep 19, 2018Updated 7 years ago
keydet89 / Tools
View on GitHub
Tools from WFA 4/e, timeline tools, etc.
☆145Feb 29, 2024Updated 2 years ago
PoorBillionaire / Windows-Prefetch-Parser
View on GitHub
Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files
☆122May 29, 2024Updated last year
changeofpace / Remote-Process-Cookie-for-Windows-7
View on GitHub
Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.
☆23May 31, 2017Updated 8 years ago
forensicmatt / RustyUsn
View on GitHub
USN to JSON
☆22Apr 4, 2020Updated 6 years ago
AndrewRathbun / EventTranscript.db-Research
View on GitHub
A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
☆43Jul 18, 2022Updated 3 years ago
1-Click AI Models by DigitalOcean Gradient • Ad
Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
forensicmatt / RustyLnk
View on GitHub
LNK to JSON
☆14Mar 7, 2019Updated 7 years ago
jp-slackspace / x-tension-c-sharp
View on GitHub
An updated C# port of X-Ways X-Tensions API.
☆11Mar 12, 2018Updated 8 years ago
msuiche / LiveCloudKd
View on GitHub
Hyper-V Research is trendy now
☆199May 6, 2024Updated last year
davidpany / WMI_Forensics
View on GitHub
☆312Aug 14, 2020Updated 5 years ago
AndreyBazhan / DbgExt
View on GitHub
Debugger extension for the Debugging Tools for Windows (WinDbg, KD, CDB, NTSD).
☆69Nov 14, 2016Updated 9 years ago
kedebug / ScDetective
View on GitHub
A kernel level anti-rootkit tool which runs on the windows platform.
☆90Apr 18, 2014Updated 11 years ago
mandiant / flare-wmi
View on GitHub
☆433May 3, 2023Updated 2 years ago
dfirlabs / ntfs-specimens
View on GitHub
NTFS file system specimens
☆13Jul 3, 2023Updated 2 years ago
honorarybot / PulseDbg
View on GitHub
Hypervisor-based debugger
☆191Dec 2, 2020Updated 5 years ago
Wordpress hosting with auto-scaling - Free Trial • Ad
Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
williballenthin / process-forest
View on GitHub
Reconstruct process trees from event logs
☆148Aug 12, 2020Updated 5 years ago
ydkhatri / jarp
View on GitHub
Just Another broken Registry Parser (JARP)
☆16May 23, 2024Updated last year
tandasat / MemoryMon
View on GitHub
Detecting execution of kernel memory where is not backed by any image file
☆262Jul 11, 2018Updated 7 years ago
almost-real / IDBG
View on GitHub
Allows you to add breakpoints from IDA (from the graph/text view) to WinDbg easily
☆14Oct 10, 2018Updated 7 years ago
Cr4sh / PTBypass-PoC
View on GitHub
Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.
☆79Jan 24, 2011Updated 15 years ago
airbus-cert / regrippy
View on GitHub
A modern Python-3-based alternative to RegRipper
☆212Mar 31, 2025Updated last year
EricZimmerman / Registry
View on GitHub
Full featured, offline Registry parser in C#
☆247Feb 7, 2026Updated 2 months ago