MarkBaggett / ese-analystLinks
This is a set of tools for doing forensics analysis on Microsoft ESE databases.
☆125Updated 3 years ago
Alternatives and similar repositories for ese-analyst
Users that are interested in ese-analyst are comparing it to the libraries listed below
Sorting:
- A PowerShell incident response script for quick triage☆80Updated 2 years ago
- "Evolving AppCompat/AmCache data analysis beyond grep"☆204Updated 3 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆73Updated last year
- Digital Forensics Artifacts Knowledge Base☆81Updated last year
- Detection Ideas & Rules repository.☆179Updated 3 years ago
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆53Updated 2 years ago
- Scripts to facilitate filtering with Plaso☆125Updated 5 years ago
- ATT&CK Remote Threat Hunting Incident Response☆200Updated 5 months ago
- ☆7Updated 7 months ago
- ☆34Updated 7 months ago
- Invoke-LiveResponse☆148Updated 3 years ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆114Updated last year
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.☆216Updated 2 months ago
- Repository of public reference frameworks for the DFIR community.☆116Updated last year
- Collection of useful, up to date, Carbon Black Response Queries☆83Updated 4 years ago
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid…☆37Updated 3 years ago
- ☆87Updated last year
- 2021 SANS DFIR Summit: Greppin' Logs☆20Updated 3 years ago
- Blueteam operational triage registry hunting/forensic tool.☆147Updated 2 years ago
- Dump of organized knowledge on DFIR☆134Updated 3 years ago
- Documentation repository☆46Updated 9 months ago
- Powering Up Incident Response with Power-Response☆63Updated 5 years ago
- Security Monitoring Resolution Categories☆138Updated 3 years ago
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆56Updated last month
- A community event for security researchers to share their favorite notebooks☆107Updated last year
- Get all my software☆159Updated 3 weeks ago
- The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images☆80Updated last year
- Office365 Log Analysis Framework☆82Updated 5 years ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆53Updated last year
- ☆59Updated last year