fireeye / BitsParser
☆146Updated 9 months ago
Alternatives and similar repositories for BitsParser:
Users that are interested in BitsParser are comparing it to the libraries listed below
- Blueteam operational triage registry hunting/forensic tool.☆145Updated last year
- A python script developed to process Windows memory images based on triage type.☆261Updated last year
- ☆86Updated last year
- Parses amcache.hve files, but with a twist!☆130Updated 2 months ago
- Command line access to the Registry☆138Updated 2 months ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆113Updated 3 years ago
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …☆155Updated 4 months ago
- Digital Forensics Artifacts Knowledge Base☆80Updated 10 months ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆165Updated 2 years ago
- ☆200Updated 4 months ago
- HXTool is an extended user interface for the FireEye HX Endpoint product. HXTool can be installed on a dedicated server or on your physic…☆79Updated 9 months ago
- ☆67Updated last month
- A repository that maps API calls to Sysmon Event ID's.☆118Updated 2 years ago
- A modern Python-3-based alternative to RegRipper☆193Updated 4 months ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆64Updated 2 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆72Updated last year
- YARA rule analyzer to improve rule quality and performance☆97Updated 3 months ago
- $MFT directory tree reconstruction & FILE record info☆303Updated 5 months ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆52Updated last year
- Cobalt Strike Beacon configuration extractor and parser.☆151Updated 3 years ago
- Pushes Sysmon Configs☆88Updated 3 years ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆151Updated 3 years ago
- A guide on how to write fast and memory friendly YARA rules☆141Updated last month
- ☆302Updated 4 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆223Updated 3 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆76Updated last year
- ☆90Updated 2 years ago
- A C# based tool for analysing malicious OneNote documents☆111Updated last year
- Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.☆164Updated 2 months ago
- Windows Registry Knowledge Base☆173Updated 5 months ago