RECmd
A command-line tool for parsing, searching, and analyzing Windows Registry hives with batch processing and forensic capabilities.
What is RECmd?
RECmd is a command-line tool for parsing, analyzing, and searching Windows Registry hives. It enables forensic investigators and system administrators to extract artifacts, recover deleted data, and automate registry analysis for incident response and system investigations. The tool supports batch processing, multiple output formats, and integration with forensic workflows like KAPE.
Digital forensic investigators, incident responders, and system administrators who need to analyze Windows Registry data for security investigations, compliance audits, or system troubleshooting.
RECmd offers forensic-grade accuracy with features like transaction log replay, deleted key recovery, and Volume Shadow Copy processing, combined with automation through batch files. It's specifically designed for DFIR professionals who require reliable, scriptable registry analysis integrated into their toolchains.
Overview
Command line access to the Registry
Use Cases
Best For
- Extracting registry artifacts during incident response investigations
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
