EricZimmerman / LECmd
Lnk Explorer Command line edition!!
☆275 · Updated 4 months ago

Related projects
Alternatives and complementary repositories for LECmd
- Prefetch Explorer Command Line (☆220, updated last month)
- Parses amcache.hve files, but with a twist! (☆118, updated 2 months ago)
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10 (☆109, updated this week)
- Windows Registry Knowledge Base (☆162, updated last month)
- Parses $MFT from NTFS file systems (☆198, updated last week)
- C# based evtx parser with lots of extras (☆280, updated 2 months ago)
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. (☆241, updated last year)
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR (☆219, updated 8 months ago)
- Event Tracing For Windows (ETW) Resources (☆348, updated last month)
- Cobalt Strike Beacon configuration extractor and parser. (☆145, updated 3 years ago)
- Parser for $UsnJrnl on NTFS (☆108, updated last year)
- Beta versions of my software (☆245, updated last year)
- (no description) (☆481, updated 2 months ago)
- Command line access to the Registry (☆130, updated this week)
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR (☆534, updated last week)
- Parser for $LogFile on NTFS (☆189, updated 11 months ago)
- 🚀AutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitima… (☆255, updated 6 months ago)
- Detect and respond to Cobalt Strike beacons using ETW. (☆481, updated 2 years ago)
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK (☆308, updated last year)
- Sysmon-Like research tool for ETW (☆333, updated last year)
- Commandline low level file extractor for NTFS (☆274, updated 5 years ago)
- Live forensic artifacts collector (☆160, updated 4 months ago)
- Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules. (☆138, updated 3 years ago)
- (no description) (☆141, updated 5 months ago)
- $MFT directory tree reconstruction & FILE record info (☆292, updated last month)
- Full featured, offline Registry parser in C# (☆220, updated 2 months ago)
- Windows symbol tables for Volatility 3 (☆72, updated 3 months ago)
- An NTFS/FAT parser for digital forensics & incident response (☆191, updated this week)
- View ETW Provider manifest (☆428, updated last week)
- http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html (☆118, updated 3 months ago)