EricZimmerman / AmcacheParserLinks
Parses amcache.hve files, but with a twist!
☆136Updated 4 months ago
Alternatives and similar repositories for AmcacheParser
Users that are interested in AmcacheParser are comparing it to the libraries listed below
Sorting:
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆117Updated 4 months ago
- Cobalt Strike Beacon configuration extractor and parser.☆153Updated 3 years ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆264Updated last year
- C# based evtx parser with lots of extras☆308Updated last month
- ☆302Updated 4 years ago
- Live forensic artifacts collector☆166Updated 10 months ago
- Blueteam operational triage registry hunting/forensic tool.☆147Updated 2 years ago
- Command line access to the Registry☆147Updated 3 weeks ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆240Updated 2 months ago
- A python script developed to process Windows memory images based on triage type.☆262Updated last year
- ☆87Updated last year
- A small util to brute-force prefetch hashes☆77Updated 2 years ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆166Updated 2 years ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆154Updated 3 years ago
- ☆69Updated 3 months ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆53Updated last year
- YARA rule analyzer to improve rule quality and performance☆101Updated last month
- Automagically extract forensic timeline from volatile memory dump☆130Updated last year
- ☆130Updated last year
- RegRipper4.0☆50Updated last month
- Parses $MFT from NTFS file systems☆243Updated 3 weeks ago
- An NTFS/FAT parser for digital forensics & incident response☆203Updated 6 months ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆313Updated 3 weeks ago
- ☆130Updated this week
- Lnk Explorer Command line edition!!☆308Updated 4 months ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆193Updated 2 months ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a…☆199Updated this week
- ☆52Updated this week
- Anything Sysmon related from the MSTIC R&D team☆153Updated 11 months ago
- Linux Evidence Acquisition Framework☆118Updated 8 months ago