EricZimmerman / PECmd
Prefetch Explorer Command Line
☆246Updated 2 months ago
Alternatives and similar repositories for PECmd:
Users that are interested in PECmd are comparing it to the libraries listed below
- Parses amcache.hve files, but with a twist!☆129Updated 2 months ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆115Updated 2 months ago
- Parses $MFT from NTFS file systems☆229Updated last week
- Lnk Explorer Command line edition!!☆291Updated 2 months ago
- $MFT directory tree reconstruction & FILE record info☆303Updated 5 months ago
- Extract $MFT record info and log it to a csv file.☆265Updated 5 months ago
- Windows Registry Knowledge Base☆173Updated 5 months ago
- RegRipper3.0☆587Updated 3 months ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆253Updated last year
- C# based evtx parser with lots of extras☆293Updated last week
- Sysmon EDR POC Build within Powershell to prove ability.☆223Updated 3 years ago
- Parser for $UsnJrnl on NTFS☆109Updated 2 years ago
- Event Tracing For Windows (ETW) Resources☆365Updated 5 months ago
- Commandline low level file extractor for NTFS☆282Updated 5 years ago
- ☆302Updated 4 years ago
- Command line access to the Registry☆138Updated 2 months ago
- ☆498Updated 3 months ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆425Updated 4 years ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆593Updated 2 weeks ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆235Updated 2 weeks ago
- PowerDecode is a PowerShell-based tool that allows to deobfuscate PowerShell scripts obfuscated across multiple layers. The tool performs…☆177Updated 10 months ago
- ☆760Updated last year
- The Volatility Collaborative GUI☆240Updated this week
- ☆236Updated 10 months ago
- 🚀AutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitima…☆267Updated 2 months ago
- Anything Sysmon related from the MSTIC R&D team☆150Updated 9 months ago
- An NTFS/FAT parser for digital forensics & incident response☆200Updated 4 months ago
- The multi-platform memory acquisition tool.☆766Updated 3 months ago
- MAL-CL (Malicious Command-Line)☆310Updated 2 years ago
- RDP Bitmap Cache parser☆512Updated 2 months ago