Home
dfWinReg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
dfWinReg originates from the Plaso project and is also based on ideas from the winreg-kb project. It was largely rewritten and made into a stand-alone project to provide more flexibility and allow other projects to make use of Windows Registry functionality.
dfWinReg is currently implemented as a Python module. A packaged version can be found on the Downloads page.
Note that is project is a continuous work in progress.
For more information see:
| Travis-CI | AppVeyor | Codecov | PyPI |
|---|---|---|---|
 |
 |
 |
- REGF (Requires: libregf/pyregf)