View on GitHub

A Dissect module implementing a parser for Windows registry file format, used to store application and OS configuration on Windows operating systems.


dissect.regf is available on PyPI.

$ pip install dissect.regf

This module is also automatically installed if you install the dissect package.


This package is a library with no CLI tools, so you can only interact with it from Python. For example, to print the subkeys from the root of a hive:

from dissect.regf import RegistryHive

with open("/path/to/SYSTEM", "rb") as fh
    hive = RegistryHive(fh)
    for subkey in hive.root.subkeys():


For more details, please refer to the API documentation of dissect.regf.