EricZimmerman / evtx
C# based evtx parser with lots of extras
☆290Updated last month
Alternatives and similar repositories for evtx:
Users that are interested in evtx are comparing it to the libraries listed below
- Parses amcache.hve files, but with a twist!☆130Updated 2 months ago
- Parses $MFT from NTFS file systems☆227Updated last week
- ☆199Updated 4 months ago
- Sysmon EDR POC Build within Powershell to prove ability.☆221Updated 3 years ago
- PowerShell module for Office 365 and Azure log collection☆260Updated this week
- Command line access to the Registry☆137Updated last month
- ☆301Updated 4 years ago
- Public Repo for Atomic Test Harness☆265Updated 8 months ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆114Updated 2 months ago
- A python script developed to process Windows memory images based on triage type.☆260Updated last year
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …☆153Updated 3 months ago
- Rules generated from our investigations.☆193Updated this week
- Sysmon configuration file template with default high-quality event tracing☆473Updated last year
- Get all my software☆151Updated 2 months ago
- #ThreatHunting #DFIR #Malware #Detection Mind Maps☆288Updated 3 years ago
- ATT&CK Remote Threat Hunting Incident Response☆200Updated 3 months ago
- An NTFS/FAT parser for digital forensics & incident response☆199Updated 4 months ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆151Updated 3 years ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a…☆192Updated 3 weeks ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆704Updated last month
- Misc Threat Hunting Resources☆373Updated 2 years ago
- OSSEM Detection Model☆175Updated 2 years ago
- ☆67Updated 2 weeks ago
- Consolidation of various resources related to Microsoft Sysmon & sample data/log☆108Updated 3 years ago
- Tool Analysis Result Sheet☆347Updated 7 years ago
- Event Tracing For Windows (ETW) Resources☆362Updated 5 months ago
- Anything Sysmon related from the MSTIC R&D team☆150Updated 9 months ago
- $MFT directory tree reconstruction & FILE record info☆297Updated 5 months ago
- MAL-CL (Malicious Command-Line)☆310Updated 2 years ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆253Updated last year