Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect suspicious/malicious logs
☆43Sep 21, 2023Updated 2 years ago
Alternatives and similar repositories for Rhaegal
Users that are interested in Rhaegal are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- ☆24Mar 12, 2025Updated last year
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆24Jul 9, 2021Updated 4 years ago
- CryptnetURLCacheParser is a tool to parse CryptAPI cache files☆21Aug 3, 2024Updated last year
- Lokix Platform is a free open-source solution to help blue teams and threat hunters use Loki Scanner to sweep enterprise networks☆25Aug 8, 2020Updated 5 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole …☆211Oct 19, 2020Updated 5 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- LNK to JSON☆14Mar 7, 2019Updated 7 years ago
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- Artifact collection tool for *nix systems☆216Mar 20, 2024Updated 2 years ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Wrapper for TSK (Sleuth Kit) Bindings☆12Jan 10, 2023Updated 3 years ago
- ☆33Oct 25, 2021Updated 4 years ago
- extract and parse WEVT_TEMPLATEs from PE files☆18Dec 30, 2023Updated 2 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- lnk_parser is a full rust implementation to parse windows LNK files☆23Feb 17, 2026Updated 2 months ago
- Google Filestream Forensic Tool☆22Mar 10, 2022Updated 4 years ago
- Queries for parsed spotlight database in sqlite☆13Dec 29, 2020Updated 5 years ago
- Exactly what it sounds like, which is something rad☆22Oct 12, 2022Updated 3 years ago
- Digital Forensics Investigation Platform☆884Oct 12, 2024Updated last year
- Here are some tools I developed to help analyze malware☆11Nov 8, 2023Updated 2 years ago
- Parsers for common structures across windows formats.☆12Aug 23, 2023Updated 2 years ago
- USN to JSON☆22Apr 4, 2020Updated 6 years ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆12Aug 26, 2024Updated last year
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- A Windows registry file parser written in Rust☆41Oct 30, 2025Updated 5 months ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆118Jan 26, 2022Updated 4 years ago
- Information about the open-source-dfir slack community☆30Jun 17, 2023Updated 2 years ago
- Windows Thingies... but in Rust☆23Nov 12, 2022Updated 3 years ago
- Scripts to for ready-to-use Velociraptor instance deployment in Azure☆14Jun 27, 2023Updated 2 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆80Jan 9, 2024Updated 2 years ago
- CloudPathSniffer is an open-source, easy to use and extensible Cloud Anomaly Detection platform designed to help security teams to find h…☆13Nov 30, 2023Updated 2 years ago
- This is a set of tools for doing forensics analysis on Microsoft ESE databases.☆129Jan 31, 2022Updated 4 years ago
- ☆10Aug 11, 2025Updated 8 months ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!☆17Aug 31, 2024Updated last year
- The ultimate streamline for Volatility 3. Speed up process of memory artifacts extraction phase☆14Dec 19, 2024Updated last year
- Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher☆13Dec 23, 2021Updated 4 years ago
- Backstage Parser☆33Jun 23, 2022Updated 3 years ago
- Disk Image Mounting Script☆11Jan 22, 2026Updated 2 months ago
- Windows symbol tables for Volatility 3☆93Jul 11, 2024Updated last year
- Windows 10 Live Information viewer☆39Jan 27, 2022Updated 4 years ago