EricZimmerman / AppCompatCacheParserLinks
AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10
☆122Updated 7 months ago
Alternatives and similar repositories for AppCompatCacheParser
Users that are interested in AppCompatCacheParser are comparing it to the libraries listed below
Sorting:
- Parses amcache.hve files, but with a twist!☆140Updated 7 months ago
- Command line access to the Registry☆154Updated this week
- Parses RecentFileCacheParser.bcf files☆29Updated 6 months ago
- C# based evtx parser with lots of extras☆318Updated this week
- Parser for $LogFile on NTFS☆202Updated 2 months ago
- ☆68Updated last week
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆115Updated 7 months ago
- Windows Registry Knowledge Base☆184Updated 10 months ago
- MFT parser☆68Updated 6 months ago
- $MFT directory tree reconstruction & FILE record info☆311Updated 10 months ago
- Parser for $UsnJrnl on NTFS☆114Updated 2 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆65Updated 2 years ago
- Prefetch Explorer Command Line☆261Updated 7 months ago
- Parses $MFT from NTFS file systems☆259Updated 3 months ago
- Lnk Explorer Command line edition!!☆320Updated 7 months ago
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)☆189Updated 2 years ago
- An AFF4 C++ implementation.☆207Updated 2 years ago
- ☆52Updated last month
- ☆20Updated last week
- A better strings utility!☆137Updated 2 months ago
- An NTFS/FAT parser for digital forensics & incident response☆209Updated 9 months ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆215Updated 5 years ago
- Recycle bin artifact parser☆50Updated 6 months ago
- ☆303Updated 5 years ago
- Signature engine for all your logs☆171Updated last year
- ☆47Updated 7 months ago
- Registry Explorer bookmark definitions☆43Updated 8 months ago
- YARA rule analyzer to improve rule quality and performance☆103Updated 4 months ago
- Carve file metadata from NTFS index ($I30) attributes☆70Updated last year
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆113Updated 3 years ago