FACT SHEET · AUR

ms-regfx

Digital Forensics tool for parsing Windows Registry hive files (REGF format)

  • forensics-cli
  • CLI
  • Launchable
  • Runs in terminal
official+codex · reviewed · Jun 2, 2026 · description in en

Description

Windows Registry hive parsing helps forensic analysts inspect REGF files without relying on a live Windows system. It is useful for incident response, evidence review, malware analysis, and system-history reconstruction.

Registry hives can contain personal data, credentials, and sensitive system traces. Preserve evidence copies, document chain of custody when relevant, and avoid modifying original files.

How to run

ms-regfx

Commands: ms-regfx

Permissions

Permissions not analysed for this source yet.