herumi / msoffice
☆239 Updated 11 months ago
Related projects:
- Artifact analysis tools by JPCERT/CC Analysis Center ☆451 Updated 2 months ago
- Yet another library library (and tools) ☆201 Updated last week
- Library and tools to access the Windows XML Event Log (EVTX) format ☆188 Updated 2 months ago
- FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis ☆155 Updated last month
- Cuckoo Sandbox plugin for extracting configuration data of known malware ☆135 Updated 8 months ago
- CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library ☆152 Updated 2 years ago
- Tool suite for inspecting NTFS artifacts. ☆213 Updated 10 months ago
- Python script to parse the NTFS USN Journal ☆105 Updated 2 years ago
- Python tool and library for decrypting and encrypting MS Office files using passwords or other keys ☆546 Updated last month
- An NTFS journal parser ☆82 Updated 8 years ago
- VBA Dynamic Hook dynamically analyzes VBA macros inside Office documents by hooking function calls ☆145 Updated 8 years ago
- An AFF4 C++ implementation. ☆187 Updated last year
- Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents. ☆272 Updated 2 years ago
- Library and tools to access the Windows Prefetch File (SCCA) format. ☆70 Updated last month
- Windows registry file format specification ☆319 Updated 5 years ago
- Analysis tool results sheet ☆16 Updated 6 years ago
- Checks with NSRL RDS servers looking for hash matches ☆111 Updated 3 years ago
- analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multip… ☆429 Updated this week
- ☆271 Updated last year
- Extract embedded files and macros from office documents. ☆177 Updated 9 months ago
- Library and tools to access the Volume Shadow Snapshot (VSS) format ☆109 Updated last month
- Library and tools to access the OLE 2 Compound File (OLECF) format ☆67 Updated last month
- A YARA-integrated process denial framework for Windows ☆395 Updated 4 years ago
- Yet another registry parser ☆128 Updated 2 years ago
- Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ☆338 Updated last month
- A VBA parser and emulation engine to analyze malicious macros. ☆90 Updated this week
- ETW Python Library ☆263 Updated last year
- Command line utility and Python package to ease the (un)mounting of forensic disk images ☆116 Updated last year
- A VBA p-code disassembler ☆450 Updated 3 years ago
- An NTFS/FAT parser for digital forensics & incident response ☆189 Updated last year