airbus-cert / etl-parserLinks
Event Trace Log file parser in pure Python
☆145Updated 4 years ago
Alternatives and similar repositories for etl-parser
Users that are interested in etl-parser are comparing it to the libraries listed below
Sorting:
- Binary commandline executable to parse ETL files☆67Updated 7 years ago
- ConventionEngine - A Yara Rulepack for PDB Path Hunting☆38Updated 2 years ago
- Generate YARA rules for OOXML documents.☆38Updated 2 years ago
- Trace ScriptBlock execution for powershell v2☆40Updated 5 years ago
- Documentation and supporting script sample for Windows Exploit Guard☆157Updated 3 years ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Updated 7 years ago
- Signature engine for all your logs☆171Updated last year
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆85Updated 2 months ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆215Updated 5 years ago
- Random hunting ordiented yara rules☆97Updated 2 years ago
- Telsy CTI Research Team☆57Updated 4 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated 6 months ago
- NTFS parser, plus linking capabilites between MFT LogFile and UsnJrnl☆37Updated 9 years ago
- Windows link file (shortcuts) examiner☆68Updated last year
- A repository that maps API calls to Sysmon Event ID's.☆122Updated 2 years ago
- Yet another registry parser☆134Updated 3 years ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect …☆139Updated 2 years ago
- Handy scripts to speed up malware analysis☆35Updated last year
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- Automatic YARA rule generation for Malpedia☆161Updated 2 years ago
- VSCode extension for the YARA pattern matching language☆64Updated last year
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆108Updated 4 years ago
- Tool to decompress data from Windows 10 page files and memory dumps, that has been compressed by the Windows 10 memory manager.☆51Updated 6 years ago
- Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process E…☆36Updated 8 years ago
- PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.☆57Updated 3 years ago
- An Inofficial Sysmon Version History (Change Log)☆33Updated 4 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆37Updated last year
- ☆41Updated 2 years ago
- A tool for de-obfuscating PowerShell scripts☆70Updated 6 years ago
- A YARA Rule Performance Measurement Tool☆60Updated last year