Hivex is a Windows Registry hive extraction library that allows users to read and write Windows Registry 'hive' binary files. The library is written in C and has bindings for OCaml, Perl, Python, and Ruby. It is licensed under LGPL v2.1. Hivex is self-contained and does not use the textual .REG format for output; instead, it provides a C API and a separate program to export the hive as XML. The library is derived from several sources, including the NTREG registry reader/writer library and dumphive, a BSD-licensed Pascal program. Compared to other libraries, Hivex is designed to be more careful about handling error cases, corrupt and malicious registry files, and endianness.
A free, open source collection of tools for forensic artifact and image analysis.
A library to access the Extensible Storage Engine (ESE) Database File (EDB) format used in various Windows applications.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
Yara pattern matching tool for forensic investigations with predefined rules for magic headers in files and raw images.
A tool for triaging crash files with various output formats and debugging engine options.
Automated tool for parsing Windows registry hives and extracting valuable information for forensic analysis.