evtx2json extracts events of interest from Windows event logs (EVTX), deduplicates them, and exports them to JSON.
(★ 41, updated May 3, 2021)
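The pipeline that one-line description names, shown as an added example that is not evtx2json's own code: constructed EVTX-style XML records (the form that EVTX parsers such as python-evtx emit) are filtered to the EventIDs of interest, deduplicated by hashing each event with its per-record fields removed, and written out as JSON lines. The dedup policy (ignore EventRecordID and TimeCreated, hash everything else), the output field names and the sample records are all assumptions of this example, not evtx2json's behaviour.

```python
# Added example, not evtx2json's own code: select events of interest,
# deduplicate them, emit JSON. Runs over constructed Windows event records in
# the XML form that EVTX parsers such as python-evtx produce. The dedup policy
# (drop EventRecordID and TimeCreated, hash the rest) and the JSON field names
# are this example's assumptions.
import hashlib
import json
import xml.etree.ElementTree as ET

EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"


def _record(event_id, record_id, time_created, data):
    """Build a constructed EVTX-style XML record for the sample input."""
    data_xml = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (
        f'<Event xmlns="{EVENT_NS}"><System>'
        f'<Provider Name="Microsoft-Windows-Security-Auditing"/>'
        f"<EventID>{event_id}</EventID>"
        f'<TimeCreated SystemTime="{time_created}"/>'
        f"<EventRecordID>{record_id}</EventRecordID>"
        f"<Computer>WS01.example.local</Computer>"
        f"</System><EventData>{data_xml}</EventData></Event>"
    )


# Constructed sample: records 1001 and 1003 describe the same logon and differ
# only in EventRecordID and TimeCreated; 1002 is a failed logon we do not want.
SAMPLE_RECORDS = [
    _record(4624, 1001, "2021-05-03T10:00:00.000000Z",
            {"TargetUserName": "alice", "LogonType": "10", "IpAddress": "10.0.0.5"}),
    _record(4625, 1002, "2021-05-03T10:00:05.000000Z",
            {"TargetUserName": "bob", "LogonType": "3", "IpAddress": "10.0.0.9"}),
    _record(4624, 1003, "2021-05-03T10:01:00.000000Z",
            {"TargetUserName": "alice", "LogonType": "10", "IpAddress": "10.0.0.5"}),
    _record(4688, 1004, "2021-05-03T10:02:00.000000Z",
            {"NewProcessName": "C:\\Windows\\System32\\cmd.exe", "SubjectUserName": "alice"}),
]

# Per-record fields that must not influence the dedup key (assumed policy).
VOLATILE_FIELDS = ("record_id", "time_created")


def _local(tag):
    """Strip the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]


def parse_record(xml_text):
    """Flatten one EVTX XML record into a dict of the fields worth exporting."""
    root = ET.fromstring(xml_text)
    event = {"data": {}}
    for section in root:
        name = _local(section.tag)
        if name == "System":
            for el in section:
                tag = _local(el.tag)
                if tag == "Provider":
                    event["provider"] = el.get("Name")
                elif tag == "EventID":
                    event["event_id"] = int(el.text)
                elif tag == "TimeCreated":
                    event["time_created"] = el.get("SystemTime")
                elif tag == "EventRecordID":
                    event["record_id"] = int(el.text)
                elif tag == "Computer":
                    event["computer"] = el.text
        elif name == "EventData":
            for i, el in enumerate(section):
                # Unnamed <Data> elements are keyed by position.
                event["data"][el.get("Name") or f"Data{i}"] = el.text
    return event


def dedup_key(event):
    """Hash the event with its per-record fields removed, so repeated
    occurrences of the same activity collapse to one key."""
    stable = {k: v for k, v in event.items() if k not in VOLATILE_FIELDS}
    return hashlib.sha256(json.dumps(stable, sort_keys=True).encode()).hexdigest()


def extract_events(records, event_ids):
    """Keep events whose EventID is of interest; first occurrence of each wins."""
    seen, unique = set(), []
    for xml_text in records:
        event = parse_record(xml_text)
        if event.get("event_id") not in event_ids:
            continue
        key = dedup_key(event)
        if key in seen:
            continue
        seen.add(key)
        unique.append(event)
    return unique


def to_json_lines(events):
    """One JSON object per line, the shape log ingestors expect."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)


if __name__ == "__main__":
    print(to_json_lines(extract_events(SAMPLE_RECORDS, {4624, 4688})))
```

Keeping the first occurrence of each key preserves the earliest EventRecordID, so the surviving JSON line can still be traced back to a record in the original log; widen or narrow VOLATILE_FIELDS to change how aggressively repeated activity is collapsed.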
Alternatives and similar repositories for evtx2json
Users interested in evtx2json are comparing it to the repositories listed below.
- A small PowerShell tool for finding information quickly on malicious IPs or FQDNs. PowerShell threat hunting. (★ 11, updated Jan 9, 2020)
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images. (★ 21, updated Mar 12, 2019)
- Extract common Windows artifacts from source images and VSCs (Volume Shadow Copies) (★ 64, updated May 10, 2021)
- macOS Artifact Intelligence Tool (★ 13, updated Apr 30, 2019)
- Python tool and library to help analyze files during malware triage and analysis. (★ 78, updated Jul 2, 2020)
- A tool to convert Windows evtx files (Windows Event Log Files) into JSON format and log to Splunk (optional) using HTTP Event Collector. (★ 58, updated Apr 8, 2022)
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis. (★ 32, updated Nov 16, 2023)
- Windows Thingies... but in Rust (★ 23, updated Nov 12, 2022)
- Library of threat hunts to get any user started! (★ 50, updated Sep 4, 2020)
- These are some of the commands which I use frequently during malware analysis and DFIR. (★ 24, updated Jan 8, 2024)
- macOS triage is a Python script to collect various macOS logs, artifacts, and other data. (★ 25, updated Mar 25, 2021)
- Emulates the Sysinternals Autoruns tool, but for DFIR purposes, e.g. multi-user processing (★ 55, updated May 18, 2019)
- CTI-URLScan is a command line tool to enable analysts to search URLscan.io submissions. Pull screenshot and DOM content. As well as, auto… (★ 10, updated Mar 2, 2021)
- Generic Signature Format for SIEM Systems (★ 14, updated Oct 27, 2021)
- A script to assist in processing forensic RAM captures for malware triage (★ 26, updated Feb 4, 2021)
- Simple script to help you find all files that have been modified, accessed, or created within a time range. (★ 27, updated Dec 1, 2022)
- ETW-Almulahaza is a consumer Python-based tool that helps you monitor ETW events of the operating system (★ 13, updated Jun 24, 2022)
- A not-at-all-ordered compilation of random security-related PowerShell scripts :-) (★ 12, updated Feb 24, 2022)
- Technical add-on to ingest JSON-formatted Volatility memory analysis plugin outputs (★ 13, updated May 21, 2018)
- Athenz is a role-based authorization (RBAC) system for provisioning and configuration (centralized authorization) use cases as well as se… (★ 13, updated Oct 29, 2019)
- A triage data collection script for macOS (★ 29, updated Nov 27, 2020)
- Attempt to replicate the functions of auto_rip by Corey Harrell in Python. (★ 12, updated Aug 4, 2024)
- Scripts and tools created for the appx analysis talk (Magnet Summit 2019) (★ 19, updated Feb 26, 2024)
- A pure PowerShell/.NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis. (★ 14, updated Oct 21, 2021)
- This repo exists as a quick and dirty arsenal of methods and scripts to subvert .NET SSL/TLS certificate validation in PowerShell and pre… (★ 12, updated Jan 28, 2017)
- Multicore EVTX to Elasticsearch ingestor for incident responders. (★ 14, updated May 12, 2021)
- A tool to run a command when the target of a symlink changes (★ 16, updated Apr 28, 2016)
- Various Topics (★ 18, updated Apr 30, 2025)
- A Windows Event Processing Utility (★ 47, updated Feb 21, 2018)
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv… (★ 343, updated Jun 25, 2022)
- Threat Simulator for Enterprise Networks (★ 14, updated May 14, 2022)
- Tool to rip system and user data from OS X and macOS (★ 16, updated Dec 6, 2022)
- Threat feeds, threat lists, and regular lists of known IP ranges and domains. It updates every 4 hours. (★ 16, updated May 21, 2021)
- An efficient tool for extracting files, directories, and alternate data streams directly from NTFS image files. (★ 22, updated Feb 21, 2026)
- A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens). (★ 65, updated Apr 24, 2019)