EricZimmerman / AmcacheParserLinks
Parses amcache.hve files, but with a twist!
☆140Updated 6 months ago
Alternatives and similar repositories for AmcacheParser
Users that are interested in AmcacheParser are comparing it to the libraries listed below
Sorting:
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆283Updated last year
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆122Updated 6 months ago
- C# based evtx parser with lots of extras☆316Updated last month
- Live forensic artifacts collector☆168Updated last year
- Cobalt Strike Beacon configuration extractor and parser.☆154Updated 3 years ago
- ☆304Updated 4 years ago
- Lnk Explorer Command line edition!!☆317Updated 6 months ago
- Anything Sysmon related from the MSTIC R&D team☆154Updated last year
- Prefetch Explorer Command Line☆261Updated 6 months ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆245Updated 4 months ago
- Command line access to the Registry☆153Updated 2 weeks ago
- Sysmon EDR POC Build within Powershell to prove ability.☆226Updated 4 years ago
- RegRipper4.0☆58Updated 3 months ago
- An NTFS/FAT parser for digital forensics & incident response☆206Updated 8 months ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆154Updated 3 years ago
- $MFT directory tree reconstruction & FILE record info☆307Updated 9 months ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆168Updated 2 years ago
- Windows symbol tables for Volatility 3☆88Updated last year
- Parses $MFT from NTFS file systems☆253Updated 2 months ago
- A python script developed to process Windows memory images based on triage type.☆263Updated last year
- ☆149Updated last year
- Parser for $LogFile on NTFS☆199Updated 2 months ago
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆125Updated 3 years ago
- ☆69Updated 5 months ago
- Evtx to Splunk ingestor☆15Updated 3 years ago
- Blueteam operational triage registry hunting/forensic tool.☆148Updated 2 years ago
- Parses RecentFileCacheParser.bcf files☆29Updated 6 months ago
- YARA rule analyzer to improve rule quality and performance☆102Updated 3 months ago
- Digital forensic acquisition tool for Windows based incident response.☆344Updated last year
- Signature engine for all your logs☆171Updated last year