Joachim Metz edited this page May 27, 2017 · 15 revisions

winreg-kb is a project dedicated to various Windows Registry resources initially intended for forensics analysis.

Note that this is a continuous work in progress.

Format documentation can be found in the documentation directory of the source repository.

The source repository also contains several scripts to retrieve specific information from Registry files. Note that these scripts are intended as quick-and-dirty solutions for format analysis, and currently only the REGF Registry file format is supported.

Dependencies

  • dfVFS; Digital Forensics Virtual File System
  • dfWinReg; Digital Forensics Windows Registry
  • pyregf; Python-bindings to access the Windows NT Registry File (REGF) format

Also see

  • libcreg; library and tools to access the Windows 9x/Me Registry File (CREG) format
  • libregf; library and tools to access the Windows NT Registry File (REGF) format