EricZimmerman / LECmd
Lnk Explorer Command line edition!!
☆277Updated 5 months ago
Related projects ⓘ
Alternatives and complementary repositories for LECmd
- Parses amcache.hve files, but with a twist!☆121Updated 2 months ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆110Updated 3 weeks ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆241Updated last year
- Prefetch Explorer Command Line☆224Updated 2 months ago
- Beta versions of my software☆245Updated last year
- C# based evtx parser with lots of extras☆282Updated 2 months ago
- Parses $MFT from NTFS file systems☆202Updated this week
- Windows Registry Knowledge Base☆162Updated last month
- Cobalt Strike Beacon configuration extractor and parser.☆146Updated 3 years ago
- Event Tracing For Windows (ETW) Resources☆349Updated last month
- Commandline low level file extractor for NTFS☆274Updated 5 years ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆220Updated 8 months ago
- Detect and respond to Cobalt Strike beacons using ETW.☆481Updated 2 years ago
- Parser for $UsnJrnl on NTFS☆108Updated last year
- Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.☆140Updated 3 years ago
- Command line access to the Registry☆132Updated 3 weeks ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆269Updated 6 months ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆417Updated 3 years ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆313Updated last year
- Parser for $LogFile on NTFS☆190Updated 11 months ago
- An NTFS/FAT parser for digital forensics & incident response☆192Updated 2 weeks ago
- $MFT directory tree reconstruction & FILE record info☆292Updated last month
- Extracted Yara rules from Windows Defender mpavbase and mpasbase☆234Updated last week
- Live forensic artifacts collector☆160Updated 4 months ago
- ☆482Updated 2 months ago
- Windows symbol tables for Volatility 3☆74Updated 4 months ago
- Encyclopedia for Executables☆417Updated 3 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆218Updated 3 years ago
- Detection in the form of Yara, Snort and ClamAV signatures.☆208Updated 3 weeks ago
- Code and yara rules to detect and analyze Cobalt Strike☆264Updated 3 years ago