This is a set of tools for doing forensic analysis on Microsoft ESE databases.
☆130 | Jan 31, 2022 | Updated 4 years ago
Alternatives and similar repositories for ese-analyst
Users that are interested in ese-analyst are comparing it to the libraries listed below
- A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet. | ☆735 | Jun 5, 2025 | Updated 9 months ago
- Identifies physical locations where a laptop has been based upon wireless profiles and wireless data recorded in event logs | ☆101 | Jun 2, 2021 | Updated 4 years ago
- ☆24 | Mar 12, 2025 | Updated 11 months ago
- Browse Windows Prefetch versions: 17, 23, 26, 30v1/2, 31 & some of SuperFetch .7db/.db's | ☆64 | Dec 18, 2024 | Updated last year
- ☆25 | Jul 23, 2024 | Updated last year
- Parser for Sdba memory pool tags | ☆21 | Jul 16, 2021 | Updated 4 years ago
- CryptnetURLCacheParser is a tool to parse CryptAPI cache files | ☆21 | Aug 3, 2024 | Updated last year
- Evtx Log (xml) Browser | ☆56 | Mar 12, 2023 | Updated 2 years ago
- An NTFS/FAT parser for digital forensics & incident response | ☆220 | Oct 31, 2025 | Updated 4 months ago
- Yara rules | ☆22 | Mar 27, 2023 | Updated 2 years ago
- Yet another registry parser | ☆138 | Apr 15, 2022 | Updated 3 years ago
- Windows 10 Live Information viewer | ☆38 | Jan 27, 2022 | Updated 4 years ago
- Google Filestream Forensic Tool | ☆22 | Mar 10, 2022 | Updated 3 years ago
- JPCERT/CC public YARA rules repository | ☆109 | Nov 14, 2025 | Updated 3 months ago
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE) | ☆196 | Feb 16, 2023 | Updated 3 years ago
- A python script developed to process Windows memory images based on triage type. | ☆266 | Nov 25, 2023 | Updated 2 years ago
- PowerShell scripts for running Magnet RESPONSE forensic collection tool in large enterprises. | ☆30 | Jan 9, 2025 | Updated last year
- http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html | ☆127 | Jul 20, 2024 | Updated last year
- Just Another broken Registry Parser (JARP) | ☆16 | May 23, 2024 | Updated last year
- Forensic cheatsheets for use with cheat | ☆15 | Dec 2, 2021 | Updated 4 years ago
- A repository of output using KAPE (!EZParser Module) for various publicly available forensic images! | ☆17 | Aug 31, 2024 | Updated last year
- ☆226 | Nov 9, 2023 | Updated 2 years ago
- Parses the WMI object database... looking for persistence | ☆34 | Dec 12, 2019 | Updated 6 years ago
- Windows Forensics Environment Builder | ☆180 | Dec 5, 2025 | Updated 3 months ago
- Decode security descriptors in $Secure on NTFS | ☆22 | Feb 24, 2022 | Updated 4 years ago
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis. | ☆32 | Nov 16, 2023 | Updated 2 years ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a… | ☆229 | Jan 6, 2026 | Updated last month
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations. | ☆341 | Dec 3, 2025 | Updated 3 months ago
- Generates YARA rules to detect malware using API hashing | ☆17 | Mar 16, 2021 | Updated 4 years ago
- FileSigExtractor is a python based tool which extracts the file signatures of all files within a directory and writes the output to a CSV… | ☆10 | Jul 15, 2023 | Updated 2 years ago
- A password list optimized for use on Android devices. | ☆11 | Jul 2, 2022 | Updated 3 years ago
- A simple python script to generate nested folders based on user input. The script will also name and place a template report document and… | ☆11 | Jun 19, 2025 | Updated 8 months ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus… | ☆42 | Sep 21, 2023 | Updated 2 years ago
- ☆14 | Feb 8, 2020 | Updated 6 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility | ☆38 | Jul 18, 2024 | Updated last year
- Python script to walk a folder or a zip file for SQLite Databases | ☆37 | Sep 20, 2023 | Updated 2 years ago
- Tool to parse SRU database | ☆25 | Mar 1, 2018 | Updated 8 years ago
- Scapy packet fragment reassembly engines | ☆35 | Jan 24, 2021 | Updated 5 years ago
- Development guide for Volatility Plugins | ☆22 | Sep 6, 2017 | Updated 8 years ago