EricZimmerman / LECmdLinks
Lnk Explorer Command line edition!!
☆310Updated 5 months ago
Alternatives and similar repositories for LECmd
Users that are interested in LECmd are comparing it to the libraries listed below
Sorting:
- Prefetch Explorer Command Line☆258Updated 5 months ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆118Updated 5 months ago
- Parses amcache.hve files, but with a twist!☆136Updated 5 months ago
- C# based evtx parser with lots of extras☆313Updated 2 months ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆264Updated last year
- Event Tracing For Windows (ETW) Resources☆389Updated 8 months ago
- Windows Registry Knowledge Base☆175Updated 8 months ago
- Parses $MFT from NTFS file systems☆247Updated last month
- ☆772Updated 2 years ago
- Encyclopedia for Executables☆445Updated 3 years ago
- Detect and respond to Cobalt Strike beacons using ETW.☆500Updated 2 years ago
- Commandline low level file extractor for NTFS☆290Updated 5 years ago
- ☆519Updated 2 weeks ago
- Beta versions of my software☆255Updated last week
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆581Updated last year
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆240Updated 2 months ago
- Command line access to the Registry☆148Updated last month
- $MFT directory tree reconstruction & FILE record info☆305Updated 8 months ago
- Cobalt Strike Beacon configuration extractor and parser.☆153Updated 3 years ago
- Sysmon-Like research tool for ETW☆354Updated 2 years ago
- The multi-platform memory acquisition tool.☆802Updated this week
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆331Updated 2 years ago
- ☆148Updated last year
- PowerShell script for deobfuscating encoded PowerShell scripts☆424Updated 4 years ago
- View ETW Provider manifest☆498Updated 7 months ago
- Parser for $LogFile on NTFS☆196Updated 3 weeks ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆635Updated this week
- Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.☆174Updated 4 months ago
- Extracted Yara rules from Windows Defender mpavbase and mpasbase☆429Updated last month
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs☆600Updated this week