MarkBaggett/ese-analyst external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

MarkBaggett/ese-analyst

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/MarkBaggett/ese-analyst)

Close

MarkBaggett / ese-analystView on GitHubMore

• External links
• Readme badge

This is a set of tools for doing forensics analysis on Microsoft ESE databases.

☆129Jan 31, 2022Updated 4 years ago

Alternatives and similar repositories for ese-analyst

Users that are interested in ese-analyst are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• MarkBaggett / srum-dump

  View on GitHub
  A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
  ☆737Jun 5, 2025Updated 9 months ago
• MarkBaggett / werejugo

  View on GitHub
  Identifies physical locations where a laptop has been based upon wireless profiles and wireless data recorded in event logs
  ☆101Jun 2, 2021Updated 4 years ago
• MarkBaggett / reassembler

  View on GitHub
  Scapy packet fragment reassembly engines
  ☆35Jan 24, 2021Updated 5 years ago
• 00010111 / gMetaDataParse

  View on GitHub
  ☆24Mar 12, 2025Updated last year
• forensicxlab / volatility3_plugins

  View on GitHub
  ☆25Jul 23, 2024Updated last year
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• ArsenalRecon / SdbaParser

  View on GitHub
  Parser for Sdba memory pool tags
  ☆21Jul 16, 2021Updated 4 years ago
• kacos2000 / Evtx_Log_Browser

  View on GitHub
  Evtx Log (xml) Browser
  ☆56Mar 12, 2023Updated 3 years ago
• kacos2000 / Prefetch-Browser

  View on GitHub
  Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's
  ☆64Dec 18, 2024Updated last year
• AndrewRathbun / ForensicImageKAPEOutput

  View on GitHub
  A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!
  ☆17Aug 31, 2024Updated last year
• AbdulRhmanAlfaifi / CryptnetURLCacheParser

  View on GitHub
  CryptnetURLCacheParser is a tool to parse CryptAPI cache files
  ☆21Aug 3, 2024Updated last year
• ruppde / yara_rules

  View on GitHub
  Yara rules
  ☆22Mar 27, 2023Updated 2 years ago
• kacos2000 / Win10LiveInfo

  View on GitHub
  Windows 10 Live Information viewer
  ☆38Jan 27, 2022Updated 4 years ago
• net-protect / google-fs-recover

  View on GitHub
  Google Filestream Forensic Tool
  ☆22Mar 10, 2022Updated 4 years ago
• msuhanov / dfir_ntfs

  View on GitHub
  An NTFS/FAT parser for digital forensics & incident response
  ☆224Oct 31, 2025Updated 4 months ago
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• strozfriedberg / ntfs-linker

  View on GitHub
  An NTFS journal parser
  ☆80Mar 3, 2016Updated 10 years ago
• MarkBaggett / apiify

  View on GitHub
  Wrap any binary into a cached webserver
  ☆60Apr 5, 2022Updated 3 years ago
• MagnetForensics / Magnet-RESPONSE-PowerShell

  View on GitHub
  PowerShell scripts for running Magnet RESPONSE forensic collection tool in large enterprises.
  ☆31Jan 9, 2025Updated last year
• jschicht / Secure2Csv

  View on GitHub
  Decode security descriptors in $Secure on NTFS
  ☆22Feb 24, 2022Updated 4 years ago
• kacos2000 / WindowsTimeline

  View on GitHub
  Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
  ☆196Feb 16, 2023Updated 3 years ago
• MarkBaggett / domain_stats

  View on GitHub
  ☆226Nov 9, 2023Updated 2 years ago
• woanware / wmi-parser

  View on GitHub
  Parses the WMI object database....looking for persistence
  ☆34Dec 12, 2019Updated 6 years ago
• wfraser / EseView

  View on GitHub
  A graphical ESE (aka ESENT or JET) database viewer.
  ☆25Oct 26, 2015Updated 10 years ago
• AbdulRhmanAlfaifi / Rhaegal

  View on GitHub
  Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…
  ☆43Sep 21, 2023Updated 2 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• bgrundy / cheatsheets-forensic

  View on GitHub
  Forensic cheatsheets for use with cheat
  ☆15Dec 2, 2021Updated 4 years ago
• Project-Prismatica / Oculus

  View on GitHub
  ☆12Dec 7, 2022Updated 3 years ago
• JPCERTCC / jpcert-yara

  View on GitHub
  JPCERT/CC public YARA rules repository
  ☆109Mar 9, 2026Updated 2 weeks ago
• kacos2000 / WinEDB

  View on GitHub
  Windows.EDB Browser
  ☆60Mar 6, 2023Updated 3 years ago
• msuhanov / yarp

  View on GitHub
  Yet another registry parser
  ☆137Apr 15, 2022Updated 3 years ago
• AndrewRathbun / SANSGoldPaperResearch_FOR500_Rathbun

  View on GitHub
  A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.
  ☆27Jul 27, 2022Updated 3 years ago
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆266Nov 25, 2023Updated 2 years ago
• tbarabosch / apihash_to_yara

  View on GitHub
  Generates YARA rules to detect malware using API hashing
  ☆17Mar 16, 2021Updated 5 years ago
• moaistory / WinSearchDBAnalyzer

  View on GitHub
  http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html
  ☆127Jul 20, 2024Updated last year
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• ignacioj / mftf

  View on GitHub
  $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility
  ☆38Jul 18, 2024Updated last year
• stuxnet999 / FileSigExtractor

  View on GitHub
  FileSigExtractor is a python based tool which extracts the file signatures of all files within a directory and writes the output to a CSV…
  ☆10Jul 15, 2023Updated 2 years ago
• tvfischer / ps-srum-hunting

  View on GitHub
  PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting
  ☆23Oct 26, 2019Updated 6 years ago
• EricZimmerman / Srum

  View on GitHub
  ☆51Nov 25, 2025Updated 4 months ago
• dwmetz / CyberPipe

  View on GitHub
  An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
  ☆340Dec 3, 2025Updated 3 months ago
• Silv3rHorn / ArtifactExtractor

  View on GitHub
  Extract common Windows artifacts from source images and VSCs
  ☆65May 10, 2021Updated 4 years ago
• devgc / SrumMonkey

  View on GitHub
  Tool to parse SRU database
  ☆25Mar 1, 2018Updated 8 years ago