AbdulRhmanAlfaifi/Rhaegal external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

AbdulRhmanAlfaifi/Rhaegal

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/AbdulRhmanAlfaifi/Rhaegal)

Close

AbdulRhmanAlfaifi / RhaegalView on GitHubMore

• External links
• Readme badge

Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect suspicious/malicious logs

☆43Sep 21, 2023Updated 2 years ago

Alternatives and similar repositories for Rhaegal

Users that are interested in Rhaegal are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• forensicmatt / RustyReg

  View on GitHub
  Registry to JSON. This Project is for learning purposes and is not maintained.
  ☆12Dec 28, 2021Updated 4 years ago
• 00010111 / gMetaDataParse

  View on GitHub
  ☆23Mar 12, 2025Updated last year
• alwashmi / MasterParser

  View on GitHub
  MasterParser is a simple, all-in-one, digital forensics artifact parser
  ☆24Jul 9, 2021Updated 4 years ago
• AbdulRhmanAlfaifi / CryptnetURLCacheParser

  View on GitHub
  CryptnetURLCacheParser is a tool to parse CryptAPI cache files
  ☆21Aug 3, 2024Updated last year
• alph4w0lf / LokiX

  View on GitHub
  Lokix Platform is a free open-source solution to help blue teams and threat hunters use Loki Scanner to sweep enterprise networks
  ☆25Aug 8, 2020Updated 5 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• muteb / Hoarder

  View on GitHub
  This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole …
  ☆214Oct 19, 2020Updated 5 years ago
• dwmetz / PSHero

  View on GitHub
  PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
  ☆37Jul 11, 2023Updated 2 years ago
• forensicmatt / RustyLnk

  View on GitHub
  LNK to JSON
  ☆14Mar 7, 2019Updated 7 years ago
• CD-R0M / YARA

  View on GitHub
  Hundred Days of Yara Challenge
  ☆12Jun 21, 2022Updated 3 years ago
• bgrundy / cheatsheets-forensic

  View on GitHub
  Forensic cheatsheets for use with cheat
  ☆15Dec 2, 2021Updated 4 years ago
• AbdulRhmanAlfaifi / Fennec

  View on GitHub
  Artifact collection tool for *nix systems
  ☆219Mar 20, 2024Updated 2 years ago
• forensicmatt / libtsk-rs

  View on GitHub
  Wrapper for TSK (Sleuth Kit) Bindings
  ☆11Jan 10, 2023Updated 3 years ago
• AtomicGaryBusey / AzureForensics

  View on GitHub
  ☆33Oct 25, 2021Updated 4 years ago
• williballenthin / wevt_template

  View on GitHub
  extract and parse WEVT_TEMPLATEs from PE files
  ☆18Dec 30, 2023Updated 2 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• AbdulRhmanAlfaifi / lnk_parser

  View on GitHub
  lnk_parser is a full rust implementation to parse windows LNK files
  ☆23Feb 17, 2026Updated 3 months ago
• ydkhatri / spotlight_queries

  View on GitHub
  Queries for parsed spotlight database in sqlite
  ☆13Dec 29, 2020Updated 5 years ago
• knavesec / EyeWitnessTheFitness

  View on GitHub
  Exactly what it sounds like, which is something rad
  ☆22Oct 12, 2022Updated 3 years ago
• DFIRKuiper / Kuiper

  View on GitHub
  Digital Forensics Investigation Platform
  ☆888Oct 12, 2024Updated last year
• net-protect / google-fs-recover

  View on GitHub
  Google Filestream Forensic Tool
  ☆22Mar 10, 2022Updated 4 years ago
• StupidBird-Code / Malware_Analysize-Tools

  View on GitHub
  Here are some tools I developed to help analyze malware
  ☆11Nov 8, 2023Updated 2 years ago
• omerbenamram / winstructs

  View on GitHub
  Parsers for common structures across windows formats.
  ☆12Aug 23, 2023Updated 2 years ago
• forensicmatt / RustyUsn

  View on GitHub
  USN to JSON
  ☆22Apr 4, 2020Updated 6 years ago
• dwmetz / Axiom-PowerShell

  View on GitHub
  PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.
  ☆12Aug 26, 2024Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• strozfriedberg / notatin

  View on GitHub
  A Windows registry file parser written in Rust
  ☆40Oct 30, 2025Updated 6 months ago
• jklepsercyber / defender-detectionhistory-parser

  View on GitHub
  A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
  ☆118Jan 26, 2022Updated 4 years ago
• open-source-dfir / slack

  View on GitHub
  Information about the open-source-dfir slack community
  ☆29Jun 17, 2023Updated 2 years ago
• forensicmatt / RsWindowsThingies

  View on GitHub
  Windows Thingies... but in Rust
  ☆23Nov 12, 2022Updated 3 years ago
• WesSec / VelociDeploy-o-Matic

  View on GitHub
  Scripts to for ready-to-use Velociraptor instance deployment in Azure
  ☆14Jun 27, 2023Updated 2 years ago
• brimorlabs / KStrike

  View on GitHub
  Stand-alone parser for User Access Logging from Server 2012 and newer systems
  ☆80Jan 9, 2024Updated 2 years ago
• AyberkHalac / CloudPathSniffer

  View on GitHub
  CloudPathSniffer is an open-source, easy to use and extensible Cloud Anomaly Detection platform designed to help security teams to find h…
  ☆13Nov 30, 2023Updated 2 years ago
• MarkBaggett / ese-analyst

  View on GitHub
  This is a set of tools for doing forensics analysis on Microsoft ESE databases.
  ☆130Jan 31, 2022Updated 4 years ago
• binalyze / dfir-lab

  View on GitHub
  ☆10Aug 11, 2025Updated 9 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• AndrewRathbun / ForensicImageKAPEOutput

  View on GitHub
  A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!
  ☆17Aug 31, 2024Updated last year
• ImDuong / vola-auto

  View on GitHub
  The ultimate streamline for Volatility 3. Speed up process of memory artifacts extraction phase
  ☆14Dec 19, 2024Updated last year
• xsultan / log4jshield

  View on GitHub
  Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher
  ☆13Dec 23, 2021Updated 4 years ago
• dfir-scripts / EverReady-Disk-Mount

  View on GitHub
  Disk Image Mounting Script
  ☆11Jan 22, 2026Updated 4 months ago
• kacos2000 / Win10LiveInfo

  View on GitHub
  Windows 10 Live Information viewer
  ☆40Jan 27, 2022Updated 4 years ago
• JPCERTCC / Windows-Symbol-Tables

  View on GitHub
  Windows symbol tables for Volatility 3
  ☆94Jul 11, 2024Updated last year
• zerber0s / mac_int

  View on GitHub
  macOS Artifact Intelligence Tool
  ☆13Apr 30, 2019Updated 7 years ago