Windows Forensics

Magnet Forensics

Digital forensics platform for evidence acquisition, analysis, and DFIR.

Binalyze

DFIR platform automating investigation, evidence collection, and IR.

Cyber Triage Cyber Triage Collector

Standalone DFIR data collector for Windows systems with adaptive collection

ForensicMiner v1.4

A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.

AppCompatProcessor

A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.

RegRipper 3.0

Automated tool for parsing Windows registry hives and extracting valuable information for forensic analysis.

ir-rescue

A set of scripts for collecting forensic data from Windows and Unix systems respecting the order of volatility.

FastIR Collector

Tool for live forensics acquisition on Windows systems, collecting artefacts for early compromise detection.

libregf

A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.