Alternatives and similar repositories for pyADS:

Users that are interested in pyADS are comparing it to the libraries listed below

• jeffbryner / pyMFTGrabber
  Utility to retrieve the Master File Table (MFT) from a live running NTFS volume and send it to a netcat listener.
  ☆40Updated 10 years ago
• forensicmatt / PyWindowsThingies
  Windows Thingies in Python for live use.
  ☆24Updated 5 years ago
• PoorBillionaire / USN-Journal-Parser
  Python script to parse the NTFS USN Journal
  ☆108Updated 2 years ago
• fbruzzaniti / Capture-Py
  Capture-Py is a malware analysis tool that makes a copy of any files deleted or modified in a given directory and sub-directories. It was…
  ☆23Updated 7 years ago
• Paul-Tew / lifer
  Windows link file (shortcuts) examiner
  ☆67Updated 7 months ago
• jschicht / Secure2Csv
  Decode security descriptors in $Secure on NTFS
  ☆20Updated 2 years ago
• woanware / wmi-parser
  Parses the WMI object database....looking for persistence
  ☆31Updated 5 years ago
• grierforensics / officedissector
  Static analysis tools for Microsoft Office Open XML files and documents
  ☆68Updated 7 years ago
• msuhanov / winmem_decompress
  Extract compressed memory pages from page-aligned data
  ☆42Updated 6 years ago
• jschicht / PowerMft
  Powerful commandline $MFT record editor.
  ☆23Updated 9 years ago
• matthewdunwoody / PS_logging_reg
  A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed
  ☆16Updated 8 years ago
• DissectMalware / base64_substring
  Generate a Yara rule to find base64-encoded files containg a specific keyword
  ☆40Updated 6 years ago
• superponible / DFIR
  Various DFIR Tools
  ☆26Updated 6 years ago
• williballenthin / python-ntfs
  Open source Python library for NTFS analysis
  ☆80Updated 7 years ago
• ignacioj / mftf
  $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility
  ☆36Updated 6 months ago
• jschicht / MftRcrd
  Command line $MFT record decoder
  ☆11Updated 7 years ago
• IllusiveNetworks-Labs / HistoricProcessTree
  An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…
  ☆59Updated 7 years ago
• woanware / autorunner
  Emulates the Sysinternals Autoruns tool, but for DFIR purposes e.g. multi user processing
  ☆55Updated 5 years ago
• msuhanov / yarp
  Yet another registry parser
  ☆130Updated 2 years ago
• EricZimmerman / RegistryExplorerBookmarks
  Registry Explorer bookmark definitions
  ☆41Updated last month
• williballenthin / python-sdb
  Pure Python parser for Application Compatibility Shim Databases (.sdb files)
  ☆108Updated 4 years ago
• PoorBillionaire / USN-Record-Carver
  Carve NTFS USN records from binary data
  ☆24Updated 7 years ago
• CdtDelta / YOP
  My Year of Python Repository
  ☆28Updated 4 years ago
• pcbje / pyad1
  Python library for parsing AccessData AD1 images
  ☆30Updated last year
• EricZimmerman / USBDevices
  Get USB Devices from Registry hives
  ☆21Updated 3 years ago
• bandrel / OCyara
  Performs OCR on image files and scans them for matches to YARA rules
  ☆40Updated 6 years ago
• log2timeline / dfwinreg
  Digital Forensics Windows Registry (dfWinReg)
  ☆49Updated last month
• pmelson / narc
  ☆53Updated 4 years ago
• bonifield / volatilityGrapher
  Force-Directed Graph Generator for Volatility Ouputs
  ☆26Updated 5 years ago
• zacbrown / hiddentreasure-etw-demo
  Basic demo for Hidden Treasure talk.
  ☆49Updated 7 years ago