Home
Joachim Metz edited this page Jun 14, 2015 · 15 revisions
winreg-kb is a project dedicated to various Windows Registry resources initially intended for forensics analysis.
Note that this is a continuous work in progress.
Format documentation can be found in the documentation directory of the source repository.
The source repository also contains several scripts to retrieve specific information from Registry files. Note that these scripts are intended as quick-and-dirty solutions for format analysis and currently only the REGF Registry file format is supported.
Dependencies:
- dfVFS; Digital Forensics Virtual File System
- pyregf; Python-bindings to access the Windows NT Registry File (REGF) format
Also see: