davidpany/WMI_Forensics external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

davidpany/WMI_Forensics

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/davidpany/WMI_Forensics)

Close

davidpany / WMI_ForensicsView on GitHubMore

• External links
• Readme badge

☆313Aug 14, 2020Updated 5 years ago

Alternatives and similar repositories for WMI_Forensics

Users that are interested in WMI_Forensics are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• mandiant / flare-wmi

  View on GitHub
  ☆433May 3, 2023Updated 3 years ago
• woanware / wmi-parser

  View on GitHub
  Parses the WMI object database....looking for persistence
  ☆35Dec 12, 2019Updated 6 years ago
• brimorlabs / KStrike

  View on GitHub
  Stand-alone parser for User Access Logging from Server 2012 and newer systems
  ☆80Jan 9, 2024Updated 2 years ago
• orlikoski / CDQR

  View on GitHub
  The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…
  ☆344Jun 25, 2022Updated 3 years ago
• orlikoski / Skadi

  View on GitHub
  Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
  ☆507Oct 21, 2022Updated 3 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• mbevilacqua / appcompatprocessor

  View on GitHub
  "Evolving AppCompat/AmCache data analysis beyond grep"
  ☆211Sep 15, 2021Updated 4 years ago
• forensiclunch / ETLParser

  View on GitHub
  Binary commandline executable to parse ETL files
  ☆69Jun 7, 2018Updated 7 years ago
• davehull / Kansa

  View on GitHub
  A Powershell incident response framework
  ☆1,654Nov 22, 2022Updated 3 years ago
• JPCERTCC / aa-tools

  View on GitHub
  Artifact analysis tools by JPCERT/CC Analysis Center
  ☆463Aug 14, 2025Updated 9 months ago
• Invoke-IR / PowerForensics

  View on GitHub
  PowerForensics provides an all in one platform for live disk forensic analysis
  ☆1,434Nov 16, 2023Updated 2 years ago
• log2timeline / plaso

  View on GitHub
  Super timeline all the things
  ☆2,071Updated this week
• williballenthin / EVTXtract

  View on GitHub
  EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
  ☆211Mar 12, 2025Updated last year
• MalwareArchaeology / ARTHIR

  View on GitHub
  ATT&CK Remote Threat Hunting Incident Response
  ☆203Dec 8, 2024Updated last year
• mandiant / ShimCacheParser

  View on GitHub
  ☆279Apr 6, 2023Updated 3 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• AndrewRathbun / EventTranscript.db-Research

  View on GitHub
  A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
  ☆43Jul 18, 2022Updated 3 years ago
• Invoke-IR / ACE

  View on GitHub
  Automated, Collection, and Enrichment Platform
  ☆326Nov 14, 2019Updated 6 years ago
• ForensicArtifacts / artifacts

  View on GitHub
  Digital Forensics artifact repository
  ☆1,239May 16, 2026Updated last week
• forensicmatt / RustyReg

  View on GitHub
  Registry to JSON. This Project is for learning purposes and is not maintained.
  ☆12Dec 28, 2021Updated 4 years ago
• ANSSI-FR / bits_parser

  View on GitHub
  Extract BITS jobs from QMGR queue and store them as CSV records
  ☆74Feb 13, 2025Updated last year
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆941Dec 12, 2023Updated 2 years ago
• MarkBaggett / srum-dump

  View on GitHub
  A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
  ☆750Jun 5, 2025Updated 11 months ago
• orlikoski / CyLR

  View on GitHub
  CyLR - Live Response Collection Tool
  ☆725Jun 1, 2022Updated 3 years ago
• Infocyte / PSHunt

  View on GitHub
  Powershell Threat Hunting Module
  ☆291Sep 21, 2016Updated 9 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• matonis / page_brute

  View on GitHub
  Page File analysis tools.
  ☆130Dec 3, 2015Updated 10 years ago
• theflakes / reg_hunter

  View on GitHub
  Blueteam operational triage registry hunting/forensic tool.
  ☆148Sep 2, 2025Updated 8 months ago
• decalage2 / ViperMonkey

  View on GitHub
  A VBA parser and emulation engine to analyze malicious macros.
  ☆1,120Jul 10, 2024Updated last year
• mattifestation / CimSweep

  View on GitHub
  CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al…
  ☆659Aug 19, 2019Updated 6 years ago
• JPCERTCC / SysmonSearch

  View on GitHub
  Investigate suspicious activity by visualizing Sysmon's event log
  ☆431Dec 22, 2023Updated 2 years ago
• JohnLaTwC / PyPowerShellXray

  View on GitHub
  Python script to decode common encoded PowerShell scripts
  ☆216Jun 13, 2018Updated 7 years ago
• ANSSI-FR / bmc-tools

  View on GitHub
  RDP Bitmap Cache parser
  ☆658Apr 27, 2026Updated 3 weeks ago
• sans-blue-team / DeepBlueCLI

  View on GitHub
  ☆2,405Oct 14, 2023Updated 2 years ago
• SekoiaLab / Fastir_Collector

  View on GitHub
  ☆520Jan 26, 2021Updated 5 years ago
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• RedSiege / WMImplant

  View on GitHub
  This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported …
  ☆850Jun 25, 2024Updated last year
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,560Jan 24, 2023Updated 3 years ago
• Invoke-IR / ForensicPosters

  View on GitHub
  ☆454Nov 21, 2024Updated last year
• PoorBillionaire / Windows-Prefetch-Parser

  View on GitHub
  Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files
  ☆122May 29, 2024Updated last year
• mnrkbys / vss_carver

  View on GitHub
  Carves and recreates VSS catalog and store from Windows disk image.
  ☆100Jan 24, 2023Updated 3 years ago
• CrowdStrike / Forensics

  View on GitHub
  Scripts and code referenced in CrowdStrike blog posts
  ☆340Nov 13, 2019Updated 6 years ago
• NextronSystems / APTSimulator

  View on GitHub
  A toolset to make a system look as if it was the victim of an APT attack
  ☆2,739Sep 23, 2025Updated 8 months ago