Silv3rHorn / evtx2json
evtx2json extracts events of interest from event logs, dedups them, and exports them to json.
★ 41 · May 3, 2021 · Updated 4 years ago
Alternatives and similar repositories for evtx2json
Users that are interested in evtx2json are comparing it to the libraries listed below
- A small PowerShell tool for finding information quickly on malicious IPs or FQDNs. PowerShell threat hunting. ★ 11 · Jan 9, 2020 · Updated 6 years ago
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images. ★ 21 · Mar 12, 2019 · Updated 6 years ago
- Extract common Windows artifacts from source images and VSCs ★ 64 · May 10, 2021 · Updated 4 years ago
- macOS Artifact Intelligence Tool ★ 13 · Apr 30, 2019 · Updated 6 years ago
- Python tool and library to help analyze files during malware triage and analysis. ★ 78 · Jul 2, 2020 · Updated 5 years ago
- A tool to convert Windows evtx files (Windows Event Log Files) into JSON format and log to Splunk (optional) using HTTP Event Collector. ★ 58 · Apr 8, 2022 · Updated 3 years ago
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis. ★ 33 · Nov 16, 2023 · Updated 2 years ago
- Library of threat hunts to get any user started! ★ 48 · Sep 4, 2020 · Updated 5 years ago
- These are some of the commands which I use frequently during Malware Analysis and DFIR. ★ 24 · Jan 8, 2024 · Updated 2 years ago
- Emulates the Sysinternals Autoruns tool, but for DFIR purposes, e.g. multi-user processing ★ 55 · May 18, 2019 · Updated 6 years ago
- Generic Signature Format for SIEM Systems ★ 14 · Oct 27, 2021 · Updated 4 years ago
- GUI for regripper ★ 11 · Mar 19, 2019 · Updated 6 years ago
- Simple script to help you find all files that have been modified, accessed, and created in a time range. ★ 27 · Dec 1, 2022 · Updated 3 years ago
- A script to assist in processing forensic RAM captures for malware triage ★ 26 · Feb 4, 2021 · Updated 5 years ago
- Technical add-on to ingest JSON-formatted Volatility memory analysis plugin outputs ★ 13 · May 21, 2018 · Updated 7 years ago
- Athenz is a role-based authorization (RBAC) system for provisioning and configuration (centralized authorization) use cases as well as se… ★ 13 · Oct 29, 2019 · Updated 6 years ago
- ★ 12 · Jun 29, 2021 · Updated 4 years ago
- A framework that correlates Bro events ★ 18 · Oct 25, 2013 · Updated 12 years ago
- A not-at-all-ordered compilation of random security-related PowerShell scripts :-) ★ 12 · Feb 24, 2022 · Updated 3 years ago
- A triage data collection script for macOS ★ 28 · Nov 27, 2020 · Updated 5 years ago
- Scripts and tools created for appx analysis talk (Magnet Summit 2019) ★ 19 · Feb 26, 2024 · Updated last year
- Various Topics ★ 18 · Apr 30, 2025 · Updated 9 months ago
- This repo exists as a quick and dirty arsenal of methods and scripts to subvert .NET SSL/TLS certificate validation in PowerShell and pre… ★ 12 · Jan 28, 2017 · Updated 9 years ago
- A tool to run a command when the target of a symlink changes ★ 16 · Apr 28, 2016 · Updated 9 years ago
- A Windows Event Processing Utility ★ 47 · Feb 21, 2018 · Updated 7 years ago
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv… ★ 345 · Jun 25, 2022 · Updated 3 years ago
- ★ 33 · Feb 26, 2022 · Updated 3 years ago
- Threat Simulator for Enterprise Networks ★ 14 · May 14, 2022 · Updated 3 years ago
- Threat feeds, threat lists, and regular lists of known IP ranges and domains. It updates every 4 hours. ★ 16 · May 21, 2021 · Updated 4 years ago
- ★ 15 · Jun 4, 2018 · Updated 7 years ago
- An efficient tool for extracting files, directories, and alternate data streams directly from NTFS image files. ★ 22 · Feb 21, 2024 · Updated last year
- A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens). ★ 65 · Apr 24, 2019 · Updated 6 years ago
- Windows 10 Live Information viewer ★ 37 · Jan 27, 2022 · Updated 4 years ago
- Open source training materials for law enforcement and organisations interested in DFIR. ★ 63 · May 30, 2025 · Updated 8 months ago
- A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and rea… ★ 115 · Jan 19, 2026 · Updated 3 weeks ago
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE) ★ 196 · Feb 16, 2023 · Updated 2 years ago
- Checks observables/IOCs in TheHive/Cortex against the MISP warninglists ★ 14 · Dec 27, 2017 · Updated 8 years ago
- Bolster NEO API - Artificial intelligence based zero-hour phishing detection ★ 13 · Aug 10, 2021 · Updated 4 years ago
- Repository with sample threat hunting notebooks on Security Event Log data sources ★ 69 · Dec 2, 2022 · Updated 3 years ago