LSE toolsLSE toolsshellbags (292)shellbags (292)

Tool and Usage

Shellbags is a script written in Python to parse the Windows Registry file. It extract related information from directories browsed by Explorer.

Screenshot for shellbags tool review

Why this tool?

Typically this tool will be used to gather information from a compromised system or to track traces from a system to find evidence. Shellbags can provide some insight on browsed directories on the system via Explorer on Microsoft Windows systems.

How it works

The shellbags script is provided the path to a raw Windows Registry hive (NTUSER.DAT). It is then parsed on the system of the forensic specialist.

Usage and audience

This tool is categorized as a digital forensics tool.

shellbags is commonly used for digital forensics. Target users for this tool are forensic specialists and pentesters.

Tool review

The review and analysis of this project resulted in the following remarks for this security tool:


  • + The source code of this software is available

Author and Maintainers

Shellbags is under development by Willi Ballenthin.


Support operating systems

Shellbags is known to work on Linux and Microsoft Windows.

This tool page was recently updated. Found an improvement? Become an influencer and submit an update.
Project details
Latest release0.5.5 [2013-12-20]
License(s)Apache License 2.0
Last updatedSept. 18, 2017

Project health

This score is calculated by different factors, like project age, last release date, etc.


GitHub iconshellbags GitHub project

Related terms