Welcome to the dfWinReg documentation
dfWinReg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
dfWinReg originates from the Plaso project and is also based on ideas from the winreg-kb project. It was largely rewritten and made into a stand-alone project to provide more flexibility and allow other projects to make use of Windows Registry functionality.
The source code is available from the project page.
- API documentation
- Submodules
- dfwinreg.creg module
- dfwinreg.decorators module
- dfwinreg.definitions module
- dfwinreg.errors module
- dfwinreg.fake module
- dfwinreg.glob2regex module
- dfwinreg.interface module
- dfwinreg.key_paths module
- dfwinreg.regf module
- dfwinreg.registry module
- dfwinreg.registry_searcher module
- dfwinreg.virtual module
- Module contents