Top picks: AppCompatProcessor, libevt, unfurl — plus 45 more compared.
Security Operationslibregf is a free tool. Security professionals most commonly compare it with . All 48 alternatives are matched by shared capabilities, tags, and NIST CSF 2.0 coverage.
A closer look at the 8 most relevant alternatives and competitors to libregf, including their key features and shared capabilities.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
Shares 3 capabilities with libregf: Registry, Windows, Windows Forensics
libevt is a library to access and parse Windows Event Log (EVT) files.
Unfurl is a URL analysis tool that extracts and visualizes data from URLs, breaking them down into components and presenting the information visually.
A library for accessing and parsing OLE 2 Compound File (OLECF) format files, including Microsoft Office documents and thumbs.db files.
A library to access and parse Windows Shortcut File (LNK) format.
A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
libevt is a library to access and parse Windows Event Log (EVT) files.
Unfurl is a URL analysis tool that extracts and visualizes data from URLs, breaking them down into components and presenting the information visually.
A library for accessing and parsing OLE 2 Compound File (OLECF) format files, including Microsoft Office documents and thumbs.db files.
A library to access and parse Windows Shortcut File (LNK) format.
A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.
A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
Remote access and IT support tool for workstation management and diagnostics
Recovers/removes passwords and restrictions from encrypted PDF files.
Password recovery tool for MS Office, WordPerfect, Lotus & other office docs.
Decrypts EFS-protected files on NTFS volumes across Windows versions.
Password recovery tool for encrypted ZIP, 7Zip, and RAR archives.
Plugin that decompiles malware PE files into readable C code using hybrid analysis.
Windows-based email forensics tool for evidence recovery and analysis.
FIM and config change monitoring tool with baseline deviation detection.
DFIR platform automating investigation, evidence collection, and IR.
Digital forensics platform for evidence acquisition, analysis, and DFIR.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.
A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.
An open-source incident response case management tool
Standalone DFIR data collector for Windows systems with adaptive collection
Fast disassembler producing reassemblable assembly code using Datalog
HexPrism is a fast, privacy-first hex editor built for CTFs and digital forensics.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.
A library to access and manipulate RAW image files.
A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.
Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
A tool that collects and displays user activity and system events on a Windows system.
A library for working with Windows NT data types, providing access and manipulation functions.
Automated collection tool for incident response triage in Windows systems.
Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.
DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.
A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.
DMG2IMG converts Apple compressed DMG archives to standard HFS+ image files supporting zlib, bzip2, and LZFSE compression formats.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
Tool for live forensics acquisition on Windows systems, collecting artefacts for early compromise detection.
Common questions security professionals ask when evaluating alternatives and competitors to libregf.
The most popular alternatives to libregf include AppCompatProcessor, libevt, unfurl, libolecf, and liblnk. These Digital Forensics and Incident Response tools offer similar capabilities and are frequently compared by security professionals evaluating their options.
