EricZimmerman / PECmd
Prefetch Explorer Command Line
☆209Updated last week
Related projects: ⓘ
- Parses amcache.hve files, but with a twist!☆115Updated 2 weeks ago
- Lnk Explorer Command line edition!!☆261Updated 3 months ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆107Updated 2 weeks ago
- Parses $MFT from NTFS file systems☆183Updated this week
- Windows Registry Knowledge Base☆158Updated 5 months ago
- ☆293Updated 4 years ago
- ☆474Updated 3 weeks ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆485Updated this week
- RDP Bitmap Cache parser☆463Updated 9 months ago
- $MFT directory tree reconstruction & FILE record info☆282Updated 7 months ago
- Beta versions of my software☆245Updated 11 months ago
- Sysmon EDR POC Build within Powershell to prove ability.☆215Updated 3 years ago
- C# based evtx parser with lots of extras☆266Updated 2 weeks ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆234Updated last year
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆206Updated 5 years ago
- Parser for $UsnJrnl on NTFS☆103Updated last year
- Detection in the form of Yara, Snort and ClamAV signatures.☆201Updated last week
- Event Tracing For Windows (ETW) Resources☆342Updated 10 months ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆416Updated 3 years ago
- Command line access to the Registry☆123Updated last week
- Parser for $LogFile on NTFS☆184Updated 9 months ago
- An NTFS/FAT parser for digital forensics & incident response☆189Updated last year
- Commandline low level file extractor for NTFS☆272Updated 5 years ago
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆568Updated 4 months ago
- Digital forensic acquisition tool for Windows based incident response.☆328Updated 4 months ago
- RegRipper3.0☆534Updated 3 weeks ago
- Signature engine for all your logs☆156Updated 10 months ago
- ☆214Updated 4 months ago
- ☆271Updated last year
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆216Updated 6 months ago