decalage2 / olefile
olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file fo…
☆222 · Updated 7 months ago
Related projects:
- Extract embedded files and macros from office documents. ☆177 · Updated 9 months ago
- A VBA p-code disassembler ☆450 · Updated 3 years ago
- Pure Python parser for Windows Registry hives. ☆425 · Updated 9 months ago
- ETW Python Library ☆263 · Updated last year
- Python eml parser module ☆209 · Updated 4 months ago
- Tool suite for inspecting NTFS artifacts. ☆213 · Updated 10 months ago
- Regipy is an OS-independent Python library for parsing offline registry hives ☆240 · Updated 3 weeks ago
- Python script to parse the NTFS USN Journal ☆105 · Updated 2 years ago
- Windows registry file format specification ☆319 · Updated 5 years ago
- Yet another library library (and tools) ☆201 · Updated last week
- Library and tools to access the OLE 2 Compound File (OLECF) format ☆67 · Updated last month
- Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ☆338 · Updated last month
- Python bindings for The Sleuth Kit (libtsk) ☆90 · Updated 5 months ago
- Python bindings for https://github.com/omerbenamram/evtx/ ☆47 · Updated 3 weeks ago
- Balbuzard is a package of malware analysis tools in Python to extract patterns of interest from suspicious files (IP addresses, domain na… ☆129 · Updated 4 years ago
- Windows Registry Knowledge Base ☆158 · Updated 5 months ago
- Parse YARA rules and operate over them more easily. ☆172 · Updated 2 months ago
- Library and tools to access the Windows XML Event Log (EVTX) format ☆188 · Updated 2 months ago
- analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multip… ☆429 · Updated this week
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images. ☆180 · Updated 4 years ago
- Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents. ☆272 · Updated 2 years ago
- Commandline low level file extractor for NTFS ☆272 · Updated 5 years ago
- Python module to manipulate NTFS Alternate Data Stream (ADS) in Python ☆56 · Updated 5 years ago
- Python tool and library for decrypting and encrypting MS Office files using passwords or other keys ☆546 · Updated last month
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) ☆104 · Updated 3 years ago
- Python library to parse and read Microsoft minidump file format ☆270 · Updated last month
- Windows Shortcut file (LNK) parser ☆132 · Updated last year
- Pure Python parser for Windows Event Log files (.evtx) ☆718 · Updated last month
- A tool for detecting VBA stomping. ☆95 · Updated 2 years ago
- Library and tools to access the Windows Shortcut File (LNK) format ☆190 · Updated 3 months ago