Understanding what forensic artifacts are present in the Windows and Linux operating systems, how to collect them, and how to leverage them to investigate security incidents.
Updated
Nov 7, 2025
Hive2CSV Live is a professional Windows registry forensics tool designed to extract data from registry hives (NTUSER.DAT, SYSTEM, SOFTWARE, etc.) and convert it into a clean, structured CSV format optimized for AI‑assisted analysis using LLMs such as Google Gemini and ChatGPT.
Generates interactive forensic reports from evidence acquired with the RegEx acquisition tool (the portable registry collector listed below, not regular expressions), including registry hives, USB artifacts, Prefetch metadata, and acquisition logs. Uses Python + Jinja2 for automated Windows forensics reporting.
C++ UserAssist registry decoder for Windows forensic analysis
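What a UserAssist decoder has to do, as an added illustration that is not code from the repository above: value names under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count` are ROT13-obfuscated, and on Windows 7 and later each 72-byte value holds the run count at offset 4, the focus count at offset 8, the focus time in milliseconds at offset 12 and the last-execution FILETIME at offset 60. The sample entry below is constructed (a System32 known-folder GUID prefix followed by `cmd.exe`, ROT13-encoded, with invented counters and timestamp); the layout offsets are the commonly documented Win7+ format, and the older 16-byte XP entries are rejected rather than parsed.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
WIN7_ENTRY_SIZE = 72  # Windows 7+ UserAssist value data is 72 bytes


def decode_name(value_name: str) -> str:
    """Value names under UserAssist\\{GUID}\\Count are ROT13-obfuscated;
    digits, braces and backslashes are unaffected, only letters rotate."""
    return codecs.decode(value_name, "rot13")


def filetime_to_datetime(ft: int):
    """FILETIME is 100-ns ticks since 1601-01-01 UTC; 0 means 'never run'."""
    if ft == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    # Integer arithmetic on purpose: the tick count exceeds 2**53, so a
    # float round-trip via total_seconds() could lose precision.
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def parse_win7_entry(value_name: str, data: bytes) -> dict:
    """Decode one Win7+ UserAssist value into the fields an analyst reports."""
    if len(data) != WIN7_ENTRY_SIZE:
        # XP-era entries are 16 bytes with a different layout; refuse them
        # instead of silently reading garbage at offset 60.
        raise ValueError(f"expected {WIN7_ENTRY_SIZE}-byte Win7+ entry, got {len(data)}")
    session_id, run_count, focus_count, focus_ms = struct.unpack_from("<IIII", data, 0)
    # Offsets 16..55 hold ten 32-bit floats (rebalancing scores), 56..59 an
    # unknown DWORD; neither is needed for a timeline.
    last_run_ft = struct.unpack_from("<Q", data, 60)[0]
    last_run = filetime_to_datetime(last_run_ft)
    return {
        "program": decode_name(value_name),
        "session_id": session_id,
        "run_count": run_count,
        "focus_count": focus_count,
        "focus_time_ms": focus_ms,
        "last_executed_utc": last_run.isoformat() if last_run else None,
    }


def build_sample_entry(run_count: int, focus_count: int, focus_ms: int, last_run: datetime) -> bytes:
    """Constructed sample value data (not from a real hive) in the Win7+ layout."""
    return (
        struct.pack("<IIII", 1, run_count, focus_count, focus_ms)  # session, counts, focus time
        + b"\x00" * 40                                           # ten floats, zeroed here
        + struct.pack("<I", 0xFFFFFFFF)                          # unknown DWORD at offset 56
        + struct.pack("<Q", datetime_to_filetime(last_run))      # last executed, offset 60
        + b"\x00" * 4                                            # trailing padding
    )


# ROT13 of "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\cmd.exe" (constructed sample name)
SAMPLE_NAME = "{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pzq.rkr"
SAMPLE_DATA = build_sample_entry(5, 3, 120000, datetime(2025, 11, 7, 12, 0, tzinfo=timezone.utc))

if __name__ == "__main__":
    print(parse_win7_entry(SAMPLE_NAME, SAMPLE_DATA))
```

On a real hive you would enumerate every value under each `{GUID}\Count` key and feed name and data to `parse_win7_entry`; the run count and last-execution time together give program-execution evidence that survives even when Prefetch has been disabled.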
C++ Windows registry transaction log parser for forensic analysis
RegEx is a portable Windows Registry Acquisition tool designed for forensic investigators. It runs directly from a USB device, requires no installation, and extracts targeted registry hives using predefined acquisition profiles. Built for speed, reliability, and zero-footprint operation.