MarkBaggett / ese-analyst
This is a set of tools for doing forensics analysis on Microsoft ESE databases.
☆124Updated 3 years ago
Alternatives and similar repositories for ese-analyst:
Users that are interested in ese-analyst are comparing it to the libraries listed below
- ☆5Updated 5 months ago
- ATT&CK Remote Threat Hunting Incident Response☆200Updated 3 months ago
- Invoke-LiveResponse☆147Updated 3 years ago
- Scripts to facilitate filtering with Plaso☆124Updated 4 years ago
- A PowerShell incident response script for quick triage☆80Updated 2 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆72Updated last year
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆114Updated last year
- Detection Ideas & Rules repository.☆179Updated 3 years ago
- ☆33Updated 5 months ago
- "Evolving AppCompat/AmCache data analysis beyond grep"☆201Updated 3 years ago
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆52Updated 2 years ago
- Collection of useful, up to date, Carbon Black Response Queries☆83Updated 4 years ago
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆55Updated last month
- ☆49Updated 3 weeks ago
- 2021 SANS DFIR Summit: Greppin' Logs☆21Updated 3 years ago
- Security Monitoring Resolution Categories☆138Updated 3 years ago
- Digital Forensics Artifacts Knowledge Base☆80Updated 10 months ago
- Office365 Log Analysis Framework☆82Updated 5 years ago
- Repository of public reference frameworks for the DFIR community.☆115Updated last year
- Collection of scripts provided for public use☆34Updated last week
- Get all my software☆152Updated 2 months ago
- ☆86Updated last year
- The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images☆80Updated last year
- A community event for security researchers to share their favorite notebooks☆107Updated last year
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.☆107Updated last year
- Command line access to the Registry☆137Updated 2 months ago
- Documentation repository☆44Updated 6 months ago
- Automagically extract forensic timeline from volatile memory dump☆128Updated 10 months ago
- Microsoft Threat Protection Advance Hunting Cheat Sheet☆79Updated 4 years ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.☆207Updated last month