msuhanov / regf
Windows registry file format specification
☆339 Updated 6 years ago
Alternatives and similar repositories for regf
Users that are interested in regf are comparing it to the libraries listed below
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions ☆299 Updated last year
- View ETW Provider manifest ☆498 Updated 7 months ago
- Library and tools to access the Windows New Technology File System (NTFS) ☆210 Updated 11 months ago
- Tool suite for inspecting NTFS artifacts. ☆223 Updated last year
- Windows Registry Knowledge Base ☆175 Updated 8 months ago
- Library and tools to access the Windows XML Event Log (EVTX) format ☆206 Updated 8 months ago
- Yet another library library (and tools) ☆210 Updated 5 months ago
- Incident Response & Digital Forensics Debugging Extension ☆381 Updated 6 years ago
- FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis ☆162 Updated 6 months ago
- Library and tools to access the Windows NT Registry File (REGF) format ☆121 Updated 10 months ago
- An NTFS/FAT parser for digital forensics & incident response ☆203 Updated 7 months ago
- ☆428 Updated 2 years ago
- Library and tools to access the Windows Prefetch File (SCCA) format. ☆75 Updated 5 months ago
- ETW Python Library ☆285 Updated last year
- Live hunting of code injection techniques ☆382 Updated 5 years ago
- Comae Hibernation File Decompressor ☆150 Updated 2 years ago
- Extract Windows Defender database from vdm files and unpack it ☆443 Updated this week
- Full featured, offline Registry parser in C# ☆230 Updated 5 months ago
- Document ETW providers ☆236 Updated 5 years ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10. ☆113 Updated 5 months ago
- Parser for $UsnJrnl on NTFS ☆111 Updated 2 years ago
- A collection of free miscellaneous Windows tools ☆135 Updated 10 months ago
- Extract AutoIt scripts embedded in PE binaries ☆186 Updated 11 months ago
- Process Spawn Control is a Powershell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launche… ☆263 Updated 3 years ago
- Print compiler information stored in Rich Header of PE executables. ☆137 Updated this week
- SysmonX - An Augmented Drop-In Replacement of Sysmon ☆215 Updated 5 years ago
- Lnk Explorer Command line edition!! ☆310 Updated 5 months ago
- zer0m0n driver for cuckoo sandbox ☆362 Updated 10 years ago
- Parser for $LogFile on NTFS ☆196 Updated 3 weeks ago
- PowerShell script for deobfuscating encoded PowerShell scripts ☆424 Updated 4 years ago