Digital forensics
tools catalogue
A reference catalogue of 292 specialist utilities used across digital-forensic and data-recovery engagements — spanning credential recovery, browser and network artefacts, system analysis and more.
Asterisk Logger
Automatically reveals the passwords stored behind the asterisks ('***') in standard password text-boxes.
BulletsPassView
BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser.
ChromePass
ChromePass is a small password recovery tool that allows you to view the user names and passwords stored by Google Chrome Web browser.
CredentialsFileView
CredentialsFileView is a simple tool for Windows that decrypts and displays the passwords and other data stored inside Credentials files of Windows.
CredHistView
This tool allows you to decrypt the CREDHist file and view the SHA1 and NTLM hashes of all previous passwords you used on your system.
DataProtectionDecryptor
DataProtectionDecryptor is a powerful tool for Windows that allows you to decrypt passwords and other information encrypted by the DPAPI (Data Protection API) system of Windows operating system.
Dialupass
This utility enumerates all Dial-Up entries on your computer and recovers their logon details: User Name, Password and Domain.
EncryptedRegView
Scans the Registry on your current running system or on external drive and decrypts passwords and other data encrypted with DPAPI (Data Protection API).
ExtPassword
ExtPassword!
IE PassView
IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser.
LostMyPassword
LostMyPassword is a tool for Windows that allows you to recover a lost password, if it's stored by a software installed on your system.
MadPassExt
This tool allows you to decrypt and extract the secret DPAPI password generated for your Microsoft account when using it to log into Windows 10 or Windows 11.
Mail PassView
Mail PassView utility recovers your email passwords from the following email programs: Outlook Express, Microsoft Outlook 2000, Microsoft Outlook 2002/2003/2003, Eudora, Netscape, Mozilla Thunderbird.
MessenPass
Recovers the passwords of instant messenger programs: MSN Messenger, Windows Messenger (In Windows XP), Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger, AOL Instant Messenger/Netscape 7, Trillian, Miranda, and GAIM.
MS-Outlook Tools
5 Tools for Microsof Outlook: NK2Edit, OutlookAttachView, OutlookStatView, PstPassword, OfficeIns.
Network Password Recovery
This utility recovers all network passwords stored on your system for the current logged-on user.
NetworkTrafficView
NetworkTrafficView is a network monitoring tool that captures the packets pass through your network adapter, and displays general statistics about your network traffic.
None
PocketAsterisk is a small utility for Pocket PC devices that reveals that passwords stored behind the asterisks ('***') in standard password text-boxes.
OperaPassView
OperaPassView is a small password recovery tool that decrypts the content of the Opera Web browser password file (wand.dat) and displays the list of all Web site passwords stored in this file.
OutlookAccountsView
OutlookAccountsView is a password recovery tool for Windows that displays the details of all POP3/IMAP/SMTP accounts stored in your Outlook profiles.
Password Security Scanner
This utility scans the passwords stored by popular Windows applications (Microsoft Outlook, Internet Explorer, Mozilla Firefox, and more…) and displays security information about all these passwords.
PasswordFox
PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser.
Product Key Scanner
Product Key Scanner is a tool that scans the Registry of Windows Operating system and finds the product keys of Windows and other Microsoft products.
Protected Storage PassView
Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.
PstPassword
PstPassword is a small utility that recover lost password of Outlook PST (Personal Folders) file.
Remote Desktop PassView
Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.
RouterPassView
This utility allows you to recover passwords or other data from the configuration file created by a router, including the login user/password of your ISP, the login password of your router, and wireless keys.
SmartSniff
SmartSniff allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers.
SniffPass
Capture the passwords that pass through your network adapter, and display them on the screen instantly.
VaultPasswordView
VaultPasswordView is a simple tool for Windows 10/8/7 that decrypts and displays the passwords and other data stored inside 'Windows Vault'.
VNCPassView
VNCPassView is a small utility that recover the passwords stored by the VNC tool.
WebBrowserPassView
WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer,Firefox, Chrome, and Opera.
Windows Password Recovery Package
A package of password recovery utilities for Windows, including IE PassView to recover the Web passwords of Internet Explorer, Mail PassView to recover passwords of email applications, and much more…
WinMailPassRec
WinMailPassRec is a password recovery tool for Windows 10 and Windows 11 that displays the details of all POP3/IMAP/SMTP/Exchange accounts stored in the mail application of Windows operating system.
WirelessKeyDump
WirelessKeyDump is a console application (Command Prompt) that dumps the list of all wireless keys stored by the wireless networks module of Windows operating system.
WirelessKeyView
WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP.
ActiveX Compatibility Manager
Disable/enable ActiveX components on Internet Explorer browser.
AddrView
AddrView allows you to parse HTML pages and extract most URL addresses stored in them.
AppReadWriteCounter
AppReadWriteCounter is a tool for Windows that counts and displays the current file read/write operations of every application running on your system.
BatteryHistoryView
BatteryHistoryView extracts and displays the battery history information stored in the SRUDB.dat database of Windows 10 and Windows 11.
BrowserAddonsView
BrowserAddonsView is a simple tool that displays the details of all Web browser addons/plugins installed in your system.
BrowserAutoFillView
BrowserAutoFillView is a simple tool for Windows that displays the text you previously filled in a form on Chrome and Firefox Web browsers.
BrowserDownloadsView
Tool for Windows that displays the details of downloaded files of Chrome and Firefox Web browsers – Filename, Download URL, Web Page URL, Start Time, End Time, Download Duration, Download Size, Web Browser, and more…
BrowsingHistoryView
BrowsingHistoryView is a utility that reads the history data of 4 different Web browsers (Internet Explorer, Mozilla Firefox, Google Chrome, and Safari) and displays the browsing history of all these Web browsers in one table.
ChromeCacheView
ChromeCacheView is a small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache.
ChromeCookiesView
ChromeCookiesView is an alternative to the standard internal cookies viewer of Google Chrome Web browser.
ChromeHistoryView
ChromeHistoryView is a small utility that reads the history data file of Google Chrome Web browser, and displays the list of all visited Web pages in the last days.
CleanAfterMe
CleanAfterMe allows you to easily clean files and Registry entries that are automatically created by the Windows operating system during your regular computer work.
Clipboardic
Clipboardic is a small clipboard manager that automatically saves the clipboard data to a file on each copy operation, and allows you to use the data again when you need it.
CustomizeIE
The CustomizeIE utility allows you to easily add, edit and delete additional toolbar buttons and menu items in Internet Explorer.
DiskCountersView
DiskCountersView displays the system counters of each disk drive in your system, including the total number of read/write operations and the total number of read/write bytes.
DNSDataView
This utility is a GUI alternative to the NSLookup tool that comes with Windows operating system.
DomainHostingView
DomainHostingView is a utility for Windows that collects extensive information about a domain by using a series of DNS and WHOIS queries, and generates HTML report that can be displayed in any Web browser.
EdgeCookiesView
EdgeCookiesView is a tool for Windows that displays the cookies stored by newer versions of Microsoft Edge Web browser (Starting from Fall Creators Update 1709 of Windows 10).
FavoritesView
displays the list of all your Favorties (of Internet Explorer browser) and bookmarks (of Netscape/Mozilla browsers) in a single page.
FBCacheView
FBCacheView is a simple tool that scans the cache of your Web browser, and lists all images displayed in Facebook pages that you previously visited, including profile pictures, images uploaded to Facebook, and images taken from other Web sites.
FileActivityWatch
Displays information about every read/write/delete operation of files occurs on your system.
FirefoxDownloadsView
This utility displays the list of the latest files that you downloaded with Firefox.
FlashCookiesView
FlashCookiesView is a small utility that displays the list of cookie files created by Flash component (Local Shared Object) in your Web browser.
FullUpdatesHistoryView
FullUpdatesHistoryView is a simple tool for Windows 11 that displays the history of Windows updates on your system.
HostedNetworkStarter
HostedNetworkStarter is a simple tool for Windows 7 and later that allows you to easily create a wifi hotspot with your wireless network adapter, using the Wifi hosted network feature of Windows operating system.
HtmlDocEdit
HtmlDocEdit is a simple HTML designer/editor based on the Internet Explorer browser, that allows you to easily edit HTML files without any knowledge in HTML.
HTTPNetworkSniffer
HTTPNetworkSniffer is a packet sniffer tool that captures all HTTP requests/responses sent between the Web browser and the Web server and displays them in a simple table.
IECacheView
IECacheView is a small utility that reads the cache folder of Internet Explorer, and displays the list of all files currently stored in the cache.
IECookiesView
Displays the cookies that Internet Explorer stores on your computer
IEHistoryView
This utility reads all information from the history file created by Internet Explorer, and displays the list of all URLs that you have visited in the last few days.
ImageCacheViewer
ImageCacheViewer is a simple tool that scans the cache of your Web browser (Internet Explorer, Firefox, or Chrome), and lists the images displayed in the Web sites that you recently visited.
LastActivityView
LastActivityView is a tool for Windows operating system that collects information from various sources on a running system, and displays a log of actions made by the user and events occurred on this computer.
MUICacheView
This utility allows you to easily view and edit the list of all MuiCache items on your system.
MyLastSearch
MyLastSearch utility scans the cache and history files of your Web browser, and display all search queries that you made with the most popular search engines (Google, Yahoo and MSN).
MyUninstaller
MyUninstaller is an alternative utility to the standard Add/Remove applet of Windows operating system.
MZCacheView
MozillaCacheView is a small utility that reads the cache folder of Firefox/Mozilla/Netscape Web browsers, and displays the list of all files currently stored in the cache.
MZCookiesView
MozillaCookiesView is an alternative to the standard 'Cookie Manager' provided by Firefox and Mozilla browsers.
MZHistoryView
MozillaHistoryView is a small utility that reads the history data file (history.dat) of Firefox/Mozilla/Netscape Web browsers, and displays the list of all visited Web pages in the last days.
NetRouteView
NetRouteView is a GUI alternative to the standard route utility (Route.exe) of Windows operating system.
OperaCacheView
OperaCacheView is a small utility that reads the cache folder of Opera Web browser, and displays the list of all files currently stored in the cache.
PropertySystemView
PropertySystemView is a tool that allows you view and modify the properties of file from GUI and command-line, using the property system of Windows operating system.
RTMPDumpHelper
By combining this utility and the proxy server of RTMPDump toolkit, you can simply open a Web page containing RTMP video stream in your favorite Web browser, and while watching the video, it'll be saved to your disk automatically.
SafariCacheView
SafariCacheView is a simple utility for Windows that reads and parses the cache file of Safari Web browser (cache.db) and displays the list of all cached files in a simple table.
SafariHistoryView
SafariHistoryView is a simple utility for Windows that reads and parses the history file of Safari Web browser (history.plist) and displays the browsing history in a simple table.
SecurityQuestionsView
SecurityQuestionsView is a tool for Windows 10 that allows you to view the security questions and their answers stored in the Registry by Windows 10 operating system.
SecuritySoftView
SecuritySoftView is a simple tool that displays the AntiVirus, AntiSpyware, and Firewall programs that are currently installed on your system and registered with the security center of Windows operating system.
TurnedOnTimesView
TurnedOnTimesView is a simple tool that analyses the event log of Windows operating system, and detects the time ranges that your computer was turned on.
URLProtocolView
URLProtocolView is a simple utility that displays all URL protocols (for example: ftp:, telnet:, mailto:) that are currently installed on your system.
URLStringGrabber
URLStringGrabber is a small utility that scans all opened windows of Internet Explorer and grab the URLs stored in them, including clickable links, images, script files, CSS files, RSS feeds, and flash (.swf) files.
Video-Audio Tools
A package of 6 tools for Windows related to video/audio: SoundVolumeView, VideoCacheView, WebVideoCap, RTMPDumpHelper, InstalledCodec, Volumouse.
VideoCacheView
This utility scans the entire cache of Internet Explorer and Mozilla-based Web browsers, finds all video files that are currently stored in it, and allows you to copy the cached video files into another folder for playing them in the future.
Web Browser Tools Package
Package of Web browser tools for Windows which allows you to extract the information stored by popular Web browsers, including IEHistoryView, IECacheView, and IECookiesView, MozillaCacheView, MozillaHistoryView, and more…
WebBrowserBookmarksView
WebBrowserBookmarksView is a simple tool for Windows that displays the details of all bookmarks stored in Chrome and Firefox Web browsers.
WebCacheImageInfo
Displays the software/camera model that created the images stored in the cache of your Web browser.
WebCookiesSniffer
WebCookiesSniffer is a packet sniffer tool that captures all Web site cookies sent between the Web browser and the Web server and displays them in a simple table.
WebSiteSniffer
WebSiteSniffer is a packet sniffer tool that captures all Web site files downloaded by your Web browser while browsing the Internet, and stores them on your hard drive under the base folder that you choose.
WebVideoCap
This utility allows you to capture .flv (Flash Video) files and RTSP streams while the Web browser download and play them inside a Web page.
WifiDiagnosticsView
WifiDiagnosticsView is a Wifi diagnostics tool for Windows 11/10/8/7/Vista that monitors the wireless network service of Windows operating system and displays any event that occurs while WifiDiagnosticsView is running.
WifiHistoryView
WifiHistoryView is a simple tool for Windows 10/8/7/Vista that displays the history of connections to wireless networks on your computer.
WinCrashReport
WinCrashReport provides an alternative to the built-in crash reporting program of Windows operating system.
Windows Updates History Viewer
Displays the history of Windows updates for your local system, remote system, or external drive.
WinLogOnView
WinLogOnView is a simple tool for Windows Vista/7/8/2008 that analyses the security event log of Windows operating system, and detects the date/time that users logged on and logged off.
AdapterWatch
displays useful information about your network adapters.
AppNetworkCounter
AppNetworkCounter is a simple tool for Windows that counts and displays the number of TCP/UDP bytes and packets sent and received by every application on your system.
CurrPorts
CurrPorts displays the list of all currently opened TCP/IP and UDP ports on your local computer.
DHCPLogView
DHCPLogView is a tool for Windows that monitors the DHCP requests sent by every device connect to your network and displays the information on the main window.
DNSLookupView
DNSLookupView is a DNS tracing tool for Windows 11/10 that allows you to view the details of every DNS query sent through the DNS Client service of Windows.
DNSQuerySniffer
DNSQuerySniffer is a network sniffer utility that shows the DNS queries sent on your system.
Domain Lookup Tools Package
Package of domain/ip address lookup tools for Windows, including DomainHostingView, WhoisThisDomain, IPNetInfo, DNSDataView, and more…
DriveLetterView
DriveLetterView is a simple utility that allows you to view the list of all drive letter assignments in your system, including local drives, remote network drives, CD/DVD drives, and USB drives – even if they are not currently plugged.
FastResolver
FastResolver is a small utility that resolves multiple host names into IP addresses/MAC Addresses and vice versa.
FirmwareTablesView
FirmwareTablesView is a simple tool that displays a list of firmware tables (ACPI, SMBIOS) stored on your system.
IPInfoOffline
IPInfoOffline Allows you to view information about IP addresses, without connecting any external server.
IPNeighborsView
IPNeighborsView is a tool for Windows 10/8/7/Vista that displays the IP neighbor table of your local computer.
IPNetInfo
IPNetInfo is a small utility that allows you to easily find all available information about an IP address: The owner of the IP address, the country/state name, IP addresses range, contact information (address, phone, fax, and email), and more.
IPPathTableView
IPPathTableView is a tool for Windows 11/10/8/7/Vista that displays the IP path table of your local computer.
LANIPScanner
LANIPScanner is a simple tool for Windows that scans your network and displays the list of all computers and devices that are currently connected to your network.
LiveTcpUdpWatch
Tool for Windows that displays live information about all TCP and UDP activity on your system.
ManageWirelessNetworks
ManageWirelessNetworks is an alternative tool to the standard 'Manage Wireless Networks' of Windows (or 'Manage Known Networks' on Windows 10).
mDNSView
mDNSView is a simple tool for Windows that displays all mDNS records published by devcies connected to your local network.
MetarWeather
Decode METAR weather reports, and display them in a simple weather report table.
NetBScanner
Scans all computers in the IP addresses range you choose, using NetBIOS protocol.
NetResView
NetResView is a small utility that displays the list of all network resources (computers, disk shares, and printer shares) on your LAN.
Network Monitoring Tools Package
Package of network monitoring tools for Windows, including CurrPorts for viewing all opened TCP/IP connections, SmartSniff for easily sniffing and viewing the TCP/IP streams, AdapterWatch to get information about your network adapters, and more…
NetworkConnectLog
NetworkConnectLog is a simple utility that repeatedly scans your local area network and add a new log line every time that a new computer or device connects/disconnects your network.
NetworkCountersWatch
NetworkCountersWatch is a tool for Windows that displays system counters for every network interface on your system.
NetworkInterfacesView
NetworkInterfacesView is a simple tool that displays the list of all network adapters/interfaces installed on your system.
NetworkLatencyView
NetworkLatencyView is a simple tool for Windows that listens to the TCP connections on your system and calculates the network latency (in milliseconds) for every new TCP connection detected on your system.
NetworkOpenedFiles
NetworkOpenedFiles is a simple tool for Windows that displays the list of all files that are currently opened by other computers on your network.
NetworkUsageView
NetworkUsageView extracts and displays the network usage information stored in the SRUDB.dat database of Windows 8 and Windows 10.
PingInfoView
PingInfoView is a small utility that allows you to easily ping multiple host names and IP addresses, and watch the result in one table.
ProcessTCPSummary
ProcessTCPSummary is a simple tool for Windows that displays a summary of all process that have TCP connections or listening UDP ports.
QuickSetDNS
QuickSetDNS is a simple tool that allows you to easily change the DNS servers that are used for your Internet connection.
TCPConnectProblemView
The TCPConnectProblemView tool monitors the TCP connections on your system and displays an alert when a software tries to initiate a TCP connection and there is no response from the server.
TcpLogView
TcpLogView is a simple utility that monitors the opened TCP connections on your system, and adds a new log line every time that a TCP connection is opened or closed.
WakeMeOnLan
This utility allows you to easily turn on one or more computers remotely by sending Wake-on-LAN (WOL) packet to the remote computers.
WhoIsConnectedSniffer
WhoIsConnectedSniffer is a network discovery tool that listens to network packets on your network adapter using a capture driver (WinpCap or MS network monitor) and accumulates a list of computer and devices currently connected to your network.
WhosIP
Simple command-line utility that allows you to easily find all available information about an IP address: The owner of the IP address, the country/state name, IP addresses range, contact information (address, phone, fax, and email), and more.
WifiChannelMonitor
WifiChannelMonitor captures wifi traffic on the channel you choose, using Microsoft Network Monitor capture driver in monitor mode, and displays extensive information about access points and the wifi clients connected to them.
WifiInfoView
WifiInfoView scans the wireless networks in your area and displays extensive information about them, including: Network Name (SSID), MAC Address, PHY Type (802.11g or 802.11n), RSSI, Signal Quality, Frequency, Channel Number, Maximum Speed, and more.
Wireless Network Watcher
Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network.
WirelessConnectionInfo
WirelessConnectionInfo is a simple tool for Windows Vista/7/8/2008 that displays general information and statistics about the active wifi connection, including the SSID, BSSID, PHY Type, Signal Quality, Receiving rate, Transmission Rate, and more…
WirelessNetConsole
WirelessNetConsole is a small console application that dumps all current detected wireless networks information into the standard output.
WirelessNetView
WirelessNetView is a small utility that runs in the background, and monitor the activity of wireless networks around you.
ActiveXHelper
view essential information about ActiveX components installed on your computer.
AllThreadsView
AllThreadsView is a simple tool for Windows that displays a list of all running threads from all processes on your system in one table.
AppAudioConfig
This tool displays your current audio settings of every application on your system (stored in the Registry), and allows you to easily change the setting of multiple applications at once.
AppCompatibilityView
AppCompatibilityView is a simple tool that displays the list of all programs that run with different compatibility settings, stored in the AppCompatFlags Registry key.
BluetoothCL
BluetoothCL is a small console application that dumps all current detected bluetooth devices into the standard output.
BluetoothLEView
BluetoothLEView is a tool for Windows 10 and Windows 11 that monitors the activity of Bluetooth Low Energy devices around you.
BluetoothLogView
BluetoothLogView is a small utility that monitors the activity of Bluetooth devices around you, and displays a log of Bluetooth devices on the main window.
BluetoothView
BluetoothView is a small utility that runs in the background, and monitor the activity of Bluetooth devices around you.
BootPerformanceView
BootPerformanceView is a tool for Windows 11/10/8/7/Vista that displays the performance information of the boot process on your system.
CurrProcess
CurrProcess utility displays the list of all processes currently running on your system.
DeviceIOView
DeviceIOView allows you to watch the data transfer between a software or service and a device driver (DeviceIoControl calls).
DevManView
DevManView is an alternative to the standard Device Manager of Windows, which displays all devices and their properties in flat table, instead of tree viewer.
DLL Export Viewer
Displays the list of exported functions and their memory addresses for the specified DLL files.
DotNetResourcesExtract
DotNetResourcesExtract is a small utility that scan dll/exe files of .NET applications, and extract all .NET embedded resources (Bitmaps, Gifs, HTML files, and so on) stored in them into the folder that you specify.
DriverView
DriverView utility displays the list of all device drivers currently loaded on your system.
EventLogChannelsView
EventLogChannelsView is a simple tool for Windows 10/8/7/Vista that shows the list of all event log channels on your system and to easily make some actions on multiple channels at once: enable/disable channels, set their maximum file size, and more.
EventLogSourcesView
EventLogSourcesView is a simple tool that displays the list of all event log sources installed on your system.
FullEventLogView
FullEventLogView is a simple tool for Windows 10/8/7/Vista that displays in a table the details of all events from the event logs of Windows, including the event description.
GDIView
GDIView is a unique tool that displays the list of GDI handles (brushes, pens, fonts, bitmaps, and others) opened by every process.
HandleCountersView
HandleCountersView is a simple tool for Windows that shows the current number of handles opened by every process running on your system.
HeapMemView
HeapMemView is a small utility that allows you to view the content of all memory blocks allocated in the heap of the process the you select.
IconsExtract
Extract icons and cursors from executbale files (EXE, DLL, OCX, CPL, etc.)
InjectedDLL
InjectedDLL is a small utility that displays the list of DLLs that are automatically injected on every process in your system.
InstalledAppView
InstalledAppView is a tool for Windows 10 that displays the details of Windows 10 apps installed on your system.
InstalledCodec
InstalledCodec is a small utility displays the list of all Codec drivers and DirectShow filters currently installed on your system.
InstalledDriversList
InstalledDriversList is a simple tool for Windows that lists all device drivers that are currently installed on your system.
InstalledPackagesView
InstalledPackagesView is a tool for Windows that displays the list of all software packages installed on your system with Windows Installer, and lists the files, Registry keys, and .NET Assemblies associated with them.
JRView
JRView is a small utility that displays the list of all Java Runtime Environments and Java Development Kits installed on your system, and allows you to run a Java application (.class or .jar file) on the desired Java environment.
JumpListsView
JumpListsView is a simple tool that displays the information stored by the 'Jump Lists' feature of Windows 7 and Windows 8.
LoadedDllsView
Simple tool for Windows that scans all running processes on your system and displays the list of all DLL files loaded by these processes and the number of processes that load each DLL in the list.
LSASecretsDump
LSASecretsDump is a small console application that extract the LSA secrets from the Registry, decrypt them, and dump them into the console window.
LSASecretsView
LSASecretsView is a small utility that displays the list of all LSA secrets stored in the Registry on your computer.
MMCompView
The MMCompView utility displays the details of all installed multimedia components (Codec and ActiveX filters) and allows you to disable and enable specific components.
MMCSnapInsView
MMCSnapInsView is a simple tool that displays the details of all MMC snap-ins installed on your system, including name, description, CLSID, dll file, product name, company name, file version, and more…
MobileFileSearch
Search files inside a mobile device (Smartphone or Tablet) plugged to the USB port on your computer, with Media Transfer Protocol (MTP).
NirCmd
NirCmd is a small utility that allows you to do many useful tasks from command-line, without displaying any user interface: change your display settings, turn off your monitor, open the door of your CD-ROM drive, and more…
OfficeIns
OfficeIns is a small utility that displays the details of all installed Microsoft Office add-ins on your computer, and allows you to disable/enable them.
OfflineRegistryFinder
OfflineRegistryFinder is a tool for Windows that allows you to scan Registry files from external drive and find the desired Registry keys/values/data according to the search criteria you define.
OfflineRegistryView
OfflineRegistryView is a simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.
ProcessActivityView
Creates a summary of all files and folders that the selected process tries to access.
ProcessThreadsView
ProcessThreadsView is a small utility that displays extensive information about all threads of the process that you choose.
ProduKey
Displays the ProductID and the CD-Key of MS-Office, Windows, and SQL Server installed on your computer.
RecentFilesView
This utility display the list of all recently opened files, and allows you to delete unwanted filename entries.
RegDllView
RegDllView is a small utility that displays the list of all registered dll/ocx/exe files (COM registration).
RegFileExport
RegFileExport is a small console application that allows you to easily extract data from offline Registry file located on another disk drive.
RegFromApp
Monitors the Registry changes made by the application that you selected, and creates a standard RegEdit registration file (.reg) that contains all the Registry changes made by the application.
Registry Tools Package
Package of 5 Windows Registry tools for advanced users
RegistryChangesView
Compare 2 snapshots of Windows Registry, display all changes, and optionally generate .reg file.
RegScanner
RegScanner allows you to scan the Registry, find the desired Registry values that match to the specified search criteria, and display them in one list.
ResourcesExtract
ResourcesExtract is a small utility that scans dll/ocx/exe files and extract all resources (bitmaps, icons, cursors, AVI movies, HTML files, and more…) stored in them into the folder that you specify.
RunFromProcess
RunFromProcess is a command-line utility that allows you to run a program from another process that you choose.
RuntimeClassesView
RuntimeClassesView is a tool for Windows 10 and Windows 11 that displays the list of Windows Runtime (WinRT) classes installed on your system.
SearchFilterView
This utility allows you to easily view the search filters installed on your system and the file extensions that are associated with them, as well as it allows you to easily add or remove file extensions for these filters.
ServiWin
ServiWin utility displays the list of installed drivers and services on your system.
ShellBagsView
Each time that you open a folder in Explorer, Windows automatically save the settings of this folder into the Registry.
ShellExView
Displays the details of shell extensions installed on your computer, and allows you to easily disable and enable each shell extension.
ShellMenuNew
ShellMenuNew is a small utility that displays the list of all menu items in the 'New' submenu of Windows Explorer.
ShellMenuView
ShellMenuView is a small utility that display the list of static menu items that appeared in the context menu when you right-click a file/folder on Windows Explorer, and allows you to easily disable unwanted menu items.
ShutdownPerformanceView
ShutdownPerformanceView is a tool for Windows that displays the performance information of Windows shutdown process.
SimpleProgramDebugger
SimpleProgramDebugger is a simple debugging tool that attaches to a running program and displays all major debugging events, including Exception, Create Thread, Create Process, Exit Thread, Exit Process, Load DLL, Unload Dll, and Debug String.
SocketSniff
SocketSniff allows you to watch the Windows Sockets (WinSock) activity of the selected process.
SoundVolumeCommandLine
SoundVolumeCommandLine (svcl.exe) is a console application that allows you to do many actions related to sound volume from command-line, including – set sound volume of devices and applications, mute/unmute devices and applications, and more…
SpecialFoldersView
This utility displays the list of all special folders in your system, and allows you to easily jump to the right folder simply by double-clicking the folder item.
StartupRun
Displays the list of all applications that are loaded automatically when Windows boots.
System Tools for Windows
Package of system tools for Windows, including OpenedFilesView for viewing the list of all opened files in your system, DriverView for viewing the list of loaded device drivers, RegScanner for searching entries in the Registry, and more…
TaskSchedulerView
TaskSchedulerView is a simple tool for Windows Vista/7/8/10 that displays in a single table the list of all tasks from the Task Scheduler of Windows.
UninstallView
UninstallView is a tool for Windows that collects information about all programs installed on your system and displays the details of the installed programs in one table.
USBDeview
USBDeview is a small utility that lists all USB devices that currently connected to your computer, as well as all USB devices that you previously used.
USBDriveLog
USBDriveLog is a tool for Windows 10 that displays a log of all USB drives plugged to your computer.
USBLogView
USBLogView is a small utility that runs in the background and records the details of any USB device that is plugged or unplugged into your system.
UserAssistView
This utility decrypt and displays the list of all UserAssist entries stored under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist key in the Registry.
WhatInStartup
This utility displays the list of all applications that are loaded automatically when Windows starts up and allows you to easily disable or delete unwanted programs that runs in your Windows startup.
WinDefLogView
WinDefLogView is a tool for Windows 10 and Windows 11 that reads the event log of Windows Defender and displays a log of threats detected by Windows Defender on your system.
WinFontsView
WinFontsView is a small utility that enumerates all fonts installed on your system, and display them in one simple table.
WinPrefetchView
WinPrefetchView is a utility that reads the Prefetch files stored in your system and display the information stored in them.
WinsockServicesView
This utility displays the details of all Winsock service providers installed on your system, and allows you to easily disable/enable a Winsock service provider.
CustomExplorerToolbar
CustomExplorerToolbar is small utility for Windows 7 only, which allows you to easily customize the toolbar of Windows Explorer, and add buttons that were existed in previous versions of Windows, like Copy, Cut, Paste, Select All, and more.
FolderChangesView
FolderChangesView is a simple tool that monitors the folder or disk drive that you choose and lists every filename that is being modified, created, or deleted while the folder is being monitored.
PreviousFilesRecovery
Find and recover deleted files and previous versions of existing files stored inside Windows shadow copies
NK2Edit
NK2Edit is full editor for the AutoComplete file of Microsoft Outlook (NK2 file) It allows you to modify all fields in NK2 file, delete unwanted records, add new records, fix corrupted files, merge 2 or more NK2 files and more…
NK2View
This utility reads the AutoComplete file of Outlook (with .NK2 extension), displays all email records stored in it, and allows you to easily export these records into text/html/xml file.
OutlookAddressBookView
OutlookAddressBookView is a simple utility that displays the details of all recipients stored in the address books of Microsoft Outlook.
OutlookAttachView
OutlookAttachView scans all messages stored in your Outlook, and displays the list of all attached files that it finds.
OutlookStatView
OutlookStatView scans your Outlook mailbox, and display a general statistics about the users that you communicate via emails.
SkypeLogView
SkypeLogView reads the log files created by Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account.
ControlMyMonitor
ControlMyMonitor allows you view and modify the settings of your monitor (Also known as 'VCP Features'), like brightness, contrast, sharpness, red/green/blue color balance, and more…
HashMyFiles
HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system.
ShadowCopyView
ShadowCopyView is simple tool for Windows 10/8/7/Vista that lists the snapshots of your hard drive created by the 'Volume Shadow Copy' service of Windows.
WhatIsHang
Displays information about software that hang/stopped responding.
AppResourcesUsageView
AppResourcesUsageView extracts and displays the application resources usage information stored in the SRUDB.dat database of Windows 10 and Windows 11.
DiskSmartView
DiskSmartView is a small utility that retrieves the S.M.A.R.T information (S.M.A.R.T = Self-Monitoring, Analysis, and Reporting Technology) from IDE/SATA disks.
FreeSpaceLogView
FreeSpaceLogView is a tool for Windows 10 that displays a log of free disk space on your system.
MonitorInfoView
MonitorInfoView is a small utility that displays essential information about your monitor: manufacture week/year, monitor manufacturer, monitor model, supported display modes, and more…
MultiMonitorTool
MultiMonitorTool is a small tool that allows you to do some actions related to working with multiple monitors.
OpenSaveFilesView
OpenSaveFilesView is a simple tool that displays the list of files that you previously opened with the standard open/save dialog-box of Windows.
OpenWithView
OpenWithView is a small utility that displays the list of all available applications in the 'Open With' dialog-box of Windows, and allows you to easily disable/enable the applications in the list.
AdvancedRun
AdvancedRun is a simple tool for Windows that allows you to run a program with different settings that you choose, including – low or high priority, start directory, main window state, environment variables and more…
AlternateStreamView
AlternateStreamView is a small utility that allows you to scan your NTFS drive, and find all hidden alternate streams stored in the file system.
AltStreamDump
AltStreamDump is a console application (Command Prompt) that dumps the list of NTFS alternate streams found in the current directory.
AppCrashView
AppCrashView is a small utility for Windows Vista and Windows 7 that displays the details of all application crashes occurred in your system.
BatteryInfoView
BatteryInfoView is a small utility for laptops and netbook computers that displays the current status and information about your battery.
BlueScreenView
BlueScreenView scans all your minidump files created during 'blue screen of death' crashes, and displays the information about all crashes in one table.
BulkFileChanger
BulkFileChanger is a small utility that allows you to create files list from multiple folders, and then make some action on them – Modify their created/modified/accessed time, change their file attribute (Read Only, Hidden, System), and more…
CountryTraceRoute
CountryTraceRoute is a Traceroute utility, similar to the tracert of Windows, but with graphical user interface, and it's also much faster than tracert of Windows.
CSVFileView
Allows you to easily view the content of CSV or tab-delimited file in a simple table viewer.
DownTester
DownTester allows you to easily test your Internet download speed in multiple locations around the world.
DumpEDID
DumpEDID is a small console application that extract the EDID ("Extended display identification data") records from your computer, analyze it, and dump it into the console window.
ESEDatabaseView
ESEDatabaseView is a simple utility that reads and displays the data stored inside Extensible Storage Engine (ESE) database (Also known as 'Jet Blue' or .edb file).
ExecutedProgramsList
ExecutedProgramsList is a simple tool that displays a list of programs and batch files that you previously executed on your system.
ExifDataView
ExifDataView is a small utility that reads and displays the Exif data stored inside .jpg image files generated by digital cameras.
FileAccessErrorView
Diagnostic tool for Windows that displays information about errors occur while programs running on your system try to open/read/write/delete a file.
FileTypesMan
FileTypesMan is an alternative to the 'File Types' tab in the 'Folder Options' of Windows.
FoldersReport
Scans your disk, and displays a report about each folder.
FolderTimeUpdate
FolderTimeUpdate is a simple tool for Windows that scans all files and folders under the base folder you choose, and updates the 'Modified Time' of every folder according the latest modified time of the files stored in it.
GACView
Alternative to the standard .NET assembly viewer on Windows Explorer.
GetNir
Command line tool to extract values from tab-delimited and comma-delimited data
GUIPropView
Displays extensive information about all windows currently opened on your system.
HotKeysList
HotKeysList is a simple tool for Windows that displays the list of hot keys that are currently registered on your system.
HTMLAsText
Converts HTML documents to simple text files, by removing all HTML tags and formatting the text according to your preferences.
IEDesignMode
IEDesignMode Adds a new menu item into the context menu of Internet Explorer that allows you to easily switch the active Internet Explorer window to design mode.
InsideClipboard
InsideClipboard is a small utility that displays the binary content of all formats that are currently stored in the clipboard, and allow you to save the content of specific format into a binary file.
JavaScript Animator Express
This utility allows you to easily create animation from image files (GIFs and JPGs) on your local drive.
KeyboardStateView
KeyboardStateView is a simple tool for Windows that displays the current state and virtual key code of every key you press.
LiveContactsView
LiveContactsView is a small utility that allows you to view the details of all contacts in your Windows Live Messenger.
MACAddressView
MACAddressView is a MAC address lookup tool that allows you to easily find the company details (company name, address, and country) according to the MAC address of a product.
MyEventViewer
MyEventViewer is an alternative to the standard event viewer of Windows.
NetConnectChoose
NetConnectChoose is a simple tool that allows you to easily choose the default Internet connection that will be used by all Internet applications, when you have more than a single Internet connection on the same time.
NirExt
Adds 3 useful context menu extensions to your Windows Explorer environment.
NTFSLinksView
This utility shows you to list of all symbolic links and junctions in the selected folder, and their target paths.
OpenedFilesView
OpenedFilesView displays the list of all opened files on your system.
RunAsDate
Run a program in the date and time that you specify.
SearchMyFiles
SearchMyFiles is an alternative to the standard "Search For Files And Folders" module of Windows.
SeqDownload
Download sequence of images from the Web, and create animation from them.
ShortcutsMan
Displays the details about all shortcuts that you have on your desktop and under your start menu.
SimpleCodeGenerator
SimpleCodeGenerator is a simple tool for Windows that allows you to quickly generate QR Code for scanning with App on your Smartphone.
SimpleWMIView
SimpleWMIView is a simple tool for Windows that displays the result of WMI queries in a simple table, and allows you to easily export the data to text/csv/tab-delimited/html/xml file, or to copy the selected items to the clipboard.
SiteShoter
SiteShoter is a small utility that allows you to save a screenshot of any Web page into a file.
SkypeContactsView
Simple tool that displays the list of all Skype contacts stored in the local database file of Skype.
SoundVolumeView
SoundVolumeView is a simple tool for Windows Vista/7/8/2008 that displays general information and current volume level for all active sound components, and allows you to mute/unmute them instantly.
SysExporter
SysExporter utility allows you to grab the data stored in standard list-views, tree-views, list boxes, and combo boxes from almost any application running on your system, and export it to text, HTML or XML file.
TableTextCompare
TableTextCompare is a small utility that allows you to easily compare 2 tab-delimited or comma-delimited (csv) files, and find out the difference between the 2 files.
TimeZonesView
TimeZonesView is a simple tool for Windows that displays all world time zones.
UserProfilesView
UserProfilesView displays the list of all user profiles that you currently have in your system.
Volumouse
Adjust the volume of your speaker with the wheel of your mouse.
WebCamImageSave
WebCamImageSave is simple WebCam capture utility that allows you to easily capture a still image from your camera every number of seconds that you choose.
WhoisCL
WhoisCL is a simple command-line utility that allows you to easily get information about a registered domain.
WhoisThisDomain
This utility allows you to easily get information about a registered domain.
WinDefThreatsView
WinDefThreatsView is tool for Windows 11/10 that displays the list of all threats detected by Windows Defender Antivirus and allows you to easily set the default action (Allow, Quarantine, Clean, Remove, Block) for multiple threats at once.
Windows Programming/Debugging Tools
Small utilities package that can be used by programmers for debugging and research.
WinLister
This utility displays the list of opened windows on your system.
WinUpdatesList
Displays the list of all Windows updates (Service Packs and Hotfixes).
ZipInstaller
Install applications that do not provide an installation module.
Catalogue for reference only. Tools are applied lawfully, by qualified personnel, within the scope of an engagement.