Velocidex / go-ese
Go implementation of an Extensible Storage Engine parser
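The description above is the whole of what the page says about the parser, so here is an added, stand-alone Go example of the first thing any ESE (JET Blue) parser has to do before it can read B-tree pages: validate the database header page. This is illustrative code written for this page; it is not code from Velocidex/go-ese and does not use that project's API. Offsets and constants follow the publicly documented ESE header layout (XOR-32 checksum at offset 0, signature 0x89ABCDEF at 4, format version at 8, file type at 12, database state at 52, format revision at 232, page size at 236) and the legacy header checksum (seed 0x89ABCDEF, XOR of every little-endian uint32 in the page except the first). The sample header page is constructed inside the code, not taken from a real database, and the version 0x620 and revision 0x11 it carries are illustrative values. The field and function names (`Header`, `ParseHeader`, `BuildSampleHeader`, `xor32`) are this example's own.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Offsets (from the start of the file) and magic values of the ESE database
// header, per the publicly documented format. The header occupies the whole
// first page; the second page holds a shadow copy.
const (
	eseSignature = 0x89ABCDEF // magic at offset 4
	eseXORSeed   = 0x89ABCDEF // seed for the legacy XOR-32 header checksum

	offChecksum  = 0
	offSignature = 4
	offVersion   = 8
	offFileType  = 12
	offDBState   = 52
	offRevision  = 232
	offPageSize  = 236
)

// Database state values stored at offset 52. Dirty shutdown (2) is the one
// that matters forensically: the file still needs log replay before its
// pages can be trusted.
const (
	dbStateJustCreated    = 1
	dbStateDirtyShutdown  = 2
	dbStateCleanShutdown  = 3
	dbStateBeingConverted = 4
	dbStateForceDetach    = 5
)

// Header holds the fields this example decodes from the header page.
type Header struct {
	Checksum      uint32
	FormatVersion uint32
	FileType      uint32 // 0 = database, 1 = streaming file
	DBState       uint32
	FormatRev     uint32
	PageSize      uint32
}

// xor32 computes the legacy ESE page checksum: start from the seed and XOR
// every little-endian uint32 in the page except the first dword, which is
// where the checksum itself is stored.
func xor32(page []byte) uint32 {
	sum := uint32(eseXORSeed)
	for off := 4; off+4 <= len(page); off += 4 {
		sum ^= binary.LittleEndian.Uint32(page[off:])
	}
	return sum
}

// validPageSize accepts the page sizes ESE databases are known to use.
func validPageSize(n uint32) bool {
	switch n {
	case 2048, 4096, 8192, 16384, 32768:
		return true
	}
	return false
}

// ParseHeader validates and decodes the header page of an ESE database.
// It needs the full first page because the checksum covers all of it.
func ParseHeader(file []byte) (*Header, error) {
	if len(file) < offPageSize+4 {
		return nil, errors.New("file too short for an ESE header")
	}
	le := binary.LittleEndian
	if sig := le.Uint32(file[offSignature:]); sig != eseSignature {
		return nil, fmt.Errorf("bad signature 0x%08X (want 0x%08X)", sig, uint32(eseSignature))
	}
	h := &Header{
		Checksum:      le.Uint32(file[offChecksum:]),
		FormatVersion: le.Uint32(file[offVersion:]),
		FileType:      le.Uint32(file[offFileType:]),
		DBState:       le.Uint32(file[offDBState:]),
		FormatRev:     le.Uint32(file[offRevision:]),
		PageSize:      le.Uint32(file[offPageSize:]),
	}
	// Sanity-check the page size before using it as a slice bound: it is
	// attacker/corruption-controlled input read straight from the file.
	if !validPageSize(h.PageSize) {
		return nil, fmt.Errorf("implausible page size %d", h.PageSize)
	}
	if uint32(len(file)) < h.PageSize {
		return nil, fmt.Errorf("file (%d bytes) shorter than one page (%d)", len(file), h.PageSize)
	}
	if got := xor32(file[:h.PageSize]); got != h.Checksum {
		return nil, fmt.Errorf("header checksum mismatch: stored 0x%08X, computed 0x%08X", h.Checksum, got)
	}
	return h, nil
}

// StateName maps the database state field to its documented meaning.
func (h *Header) StateName() string {
	switch h.DBState {
	case dbStateJustCreated:
		return "just created"
	case dbStateDirtyShutdown:
		return "dirty shutdown"
	case dbStateCleanShutdown:
		return "clean shutdown"
	case dbStateBeingConverted:
		return "being converted"
	case dbStateForceDetach:
		return "force detach"
	}
	return fmt.Sprintf("unknown (%d)", h.DBState)
}

// BuildSampleHeader constructs a synthetic 4 KiB header page (constructed
// test input, not a real database) in the given state, with a valid checksum.
func BuildSampleHeader(state uint32) []byte {
	page := make([]byte, 4096)
	le := binary.LittleEndian
	le.PutUint32(page[offSignature:], eseSignature)
	le.PutUint32(page[offVersion:], 0x620) // illustrative version
	le.PutUint32(page[offFileType:], 0)    // database, not streaming file
	le.PutUint32(page[offDBState:], state)
	le.PutUint32(page[offRevision:], 0x11) // illustrative revision
	le.PutUint32(page[offPageSize:], 4096)
	le.PutUint32(page[offChecksum:], xor32(page))
	return page
}

func main() {
	page := BuildSampleHeader(dbStateDirtyShutdown)
	h, err := ParseHeader(page)
	if err != nil {
		fmt.Println("parse failed:", err)
		return
	}
	fmt.Printf("version 0x%X rev 0x%X page size %d state %q\n",
		h.FormatVersion, h.FormatRev, h.PageSize, h.StateName())
	page[100] ^= 0x01 // constructed corruption: flip one bit inside the header page
	if _, err := ParseHeader(page); err != nil {
		fmt.Println("after corruption:", err)
	}
}
```

Two practitioner notes. First, a header in the dirty-shutdown state (NTDS.dit, SRUM or Windows Search databases copied from a live system usually are) means uncommitted changes live in the transaction logs; either replay them with `esentutl /r` on a copy or accept that a raw parse of the pages may show stale or inconsistent records. Second, ESE keeps a shadow copy of the header in the second page, so a tool that fails the first page's checksum can retry at offset `PageSize` before giving up.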
Related projects:
- A golang implementation of a prefetch parser.
- Hunt for SQLite files used by various applications
- NTFS file system specimens
- Simple PowerShell script to enable process scanning with Yara.
- Windows registry samples
- Windows file metadata / forensic tool.
- Jupyter Notebooks for Cyber Threat Intelligence
- 🕵️ Process and show forensic artifacts (e.g. event logs, USB devices, network devices...) in forensicstores
- Emulates the VirusTotal "vt" YARA module for livehunt rule debugging/testing
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.
- Imphash-like calculation on Golang binaries
- Endpoint detection / live analysis & sandbox host / signature quality test
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office
- USN Journal full path builder
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV
- Scripts and tools accompanying HP Threat Research blog posts and reports.
- THOR Thunderstorm Collectors
- Visual Studio Code Microsoft Sysinternals Sysmon configuration file extension.
- Rosie the Pivoter
- Parser for Sdba memory pool tags
- Yara rules
- A repo for fetching AppLocker event logs by parsing the Windows event log
- Google Filestream Forensic Tool
- Just Another broken Registry Parser (JARP)