Forensicswiki.org has moved to this site, forensicswiki.xyz. For information, please join the Google Group forensicswiki-reborn
|Maintainer:||Daniel White, Joachim Metz|
|OS:||Linux, Mac OS X, Windows|
dfWinReg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
dfWinReg originates from the Plaso project and is also based on ideas from the winreg-kb project. It was largely rewritten and made into a stand-alone project to provide more flexibility and allow other projects to make use of Windows Registry functionality.