Alternatives and similar repositories for evtxtoelk

Users that are interested in evtxtoelk are comparing it to the libraries listed below

• msuhanov / regf-samples

  View on GitHub
  Windows registry samples
  ☆24Nov 18, 2018Updated 7 years ago
• williballenthin / python-evtx

  View on GitHub
  Pure Python parser for Windows Event Log files (.evtx)
  ☆763Jun 18, 2025Updated 7 months ago
• dgunter / ParseZeekLogs

  View on GitHub
  Utility for parsing Bro log files into CSV or JSON format
  ☆41Jan 12, 2023Updated 3 years ago
• JPCERTCC / SysmonSearch

  View on GitHub
  Investigate suspicious activity by visualizing Sysmon's event log
  ☆431Dec 22, 2023Updated 2 years ago
• ydkhatri / Appx-Analysis

  View on GitHub
  Scripts and tools created for appx analysis talk (Magnet summit 2019)
  ☆19Feb 26, 2024Updated last year
• forensicmatt / RustyReg

  View on GitHub
  Registry to JSON. This Project is for learning purposes and is not maintained.
  ☆12Dec 28, 2021Updated 4 years ago
• devgc / EventMonkey

  View on GitHub
  A Windows Event Processing Utility
  ☆47Feb 21, 2018Updated 7 years ago
• KasperskyLab / ForensicsTools

  View on GitHub
  Tools for DFIR
  ☆120Jan 25, 2018Updated 8 years ago
• zerber0s / mac_int

  View on GitHub
  macOS Artifact Intelligence Tool
  ☆13Apr 30, 2019Updated 6 years ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,507Jan 24, 2023Updated 3 years ago
• sumeshi / evtx2es

  View on GitHub
  A library for fast parse & import of Windows Eventlogs into Elasticsearch.
  ☆86Jun 23, 2025Updated 7 months ago
• jordisk / TheHive2Sigma

  View on GitHub
  Python script to automatically create sigma rules from The hive observables
  ☆25Mar 17, 2019Updated 6 years ago
• THIBER-ORG / userline

  View on GitHub
  Query and report user logons relations from MS Windows Security Events
  ☆243Aug 9, 2018Updated 7 years ago
• jschicht / MftCarver

  View on GitHub
  Carve $MFT records from a chunk of data (for instance a memory dump)
  ☆16Aug 21, 2016Updated 9 years ago
• msuhanov / winmem_decompress

  View on GitHub
  Extract compressed memory pages from page-aligned data
  ☆47Sep 25, 2018Updated 7 years ago
• CERT-Polska / mquery

  View on GitHub
  YARA malware query accelerator (web frontend)
  ☆437Feb 3, 2026Updated last week
• JPCERTCC / LogonTracer

  View on GitHub
  Investigate malicious Windows logon by visualizing and analyzing Windows event log
  ☆3,049Oct 19, 2025Updated 3 months ago
• grayfold3d / POSH-Triage

  View on GitHub
  Tools for parsing Forensic images
  ☆41Dec 14, 2018Updated 7 years ago
• forensiclunch / ETLParser

  View on GitHub
  Binary commandline executable to parse ETL files
  ☆69Jun 7, 2018Updated 7 years ago
• mbevilacqua / appcompatprocessor

  View on GitHub
  "Evolving AppCompat/AmCache data analysis beyond grep"
  ☆209Sep 15, 2021Updated 4 years ago
• vavarachen / evtx2json

  View on GitHub
  A tool to convert Windows evtx files (Windows Event Log Files) into JSON format and log to Splunk (optional) using HTTP Event Collector.
  ☆58Apr 8, 2022Updated 3 years ago
• JR0driguezB / malware_analysis

  View on GitHub
  Various snippets created during malware analysis
  ☆22Apr 29, 2018Updated 7 years ago
• tsale / Threat-Intelligence-Playbooks

  View on GitHub
  High-level Threat Intelligence playbooks
  ☆20Mar 6, 2021Updated 4 years ago
• EricZimmerman / Sum

  View on GitHub
  ☆20Jan 10, 2025Updated last year
• yampelo / beagle

  View on GitHub
  Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
  ☆1,339Dec 13, 2022Updated 3 years ago
• DissectMalware / MalwareCMDMonitor

  View on GitHub
  Shows command lines used by latest instances analyzed on Hybrid-Analysis
  ☆42Sep 18, 2018Updated 7 years ago
• theflakes / reg_hunter

  View on GitHub
  Blueteam operational triage registry hunting/forensic tool.
  ☆149Sep 2, 2025Updated 5 months ago
• bsi-group / autorun-logger-server

  View on GitHub
  Server for receiving autorun data from the clients
  ☆13Sep 26, 2017Updated 8 years ago
• mass-project / mass_server

  View on GitHub
  Malware Analysis and Storage System - Server repository
  ☆12Jul 15, 2022Updated 3 years ago
• AlienVault-OTX / yabin

  View on GitHub
  A Yara rule generator for finding related samples and hunting
  ☆162Sep 11, 2022Updated 3 years ago
• wagga40 / Zircolite

  View on GitHub
  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
  ☆780Updated this week
• sans-blue-team / blue-team-wiki

  View on GitHub
  Tools, techniques, cheat sheets, and other resources to assist those defending organizations and detecting adversaries
  ☆457Feb 4, 2022Updated 4 years ago
• zacbrown / PowerKrabsEtw

  View on GitHub
  PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.
  ☆103Nov 17, 2020Updated 5 years ago
• orlikoski / CyLR

  View on GitHub
  CyLR - Live Response Collection Tool
  ☆708Jun 1, 2022Updated 3 years ago
• tylabs / dovehawk

  View on GitHub
  Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
  ☆122Jul 12, 2021Updated 4 years ago
• philhagen / sof-elk

  View on GitHub
  Configuration files for the SOF-ELK VM
  ☆1,715Jan 21, 2026Updated 3 weeks ago
• MatthewClarkMay / fTriage

  View on GitHub
  Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.
  ☆21Mar 12, 2019Updated 6 years ago
• MotiBa / ProcessMonitorAnalyzeMalware

  View on GitHub
  Script to parse Process Monitor XML log file, and give you a summary report.
  ☆24May 4, 2016Updated 9 years ago
• daguy666 / Transit

  View on GitHub
  MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.
  ☆20Feb 20, 2020Updated 5 years ago