jschicht / NtfsFileExtractor

Related projects: ⓘ

• EricZimmerman / RegistryExplorerBookmarks
  Registry Explorer bookmark definitions
  ☆41Updated last year
• jschicht / MftRcrd
  Command line $MFT record decoder
  ☆11Updated 7 years ago
• jschicht / PowerMft
  Powerful commandline $MFT record editor.
  ☆22Updated 9 years ago
• kacos2000 / Win10LiveInfo
  Windows 10 Live Information viewer
  ☆33Updated 2 years ago
• jschicht / MftCarver
  Carve $MFT records from a chunk of data (for instance a memory dump)
  ☆16Updated 8 years ago
• msuhanov / winmem_decompress
  Extract compressed memory pages from page-aligned data
  ☆41Updated 5 years ago
• jschicht / Secure2Csv
  Decode security descriptors in $Secure on NTFS
  ☆20Updated 2 years ago
• msuhanov / regf-samples
  Windows registry samples
  ☆23Updated 5 years ago
• ArsenalRecon / GmailURLDecoder
  Gmail URL Decoder is an Open Source Python tool that can be used against plaintext or arbitrary raw data files in order to find, extract,…
  ☆52Updated 4 years ago
• davehull / VirusTotalShell
  A fork of David B Heise's VirusTotal Powershell Module
  ☆17Updated 2 years ago
• Velocidex / SQLiteHunter
  Hunt for SQLite files used by various applications
  ☆10Updated last month
• tedsmith / NSRL-Stripper
  A simple utility for stripping out either the SHA-1, MD5 or CRC values alone from the NSRL hash database
  ☆14Updated 2 years ago
• AndrewRathbun / VanillaWindowsRegistryHives
  A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…
  ☆44Updated last year
• forensicmatt / PyWindowsThingies
  Windows Thingies in Python for live use.
  ☆24Updated 5 years ago
• dfirfpi / decwindbx
  A sort of a toolkit to decrypt Dropbox Windows DBX files
  ☆30Updated 7 years ago
• 4n6ist / bulk_extractor-rec
  It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving
  ☆36Updated 4 years ago
• jschicht / ExtractUsnJrnl
  Tool to extract the $UsnJrnl from an NTFS volume
  ☆104Updated 5 years ago
• jschicht / UsnJrnl2Csv
  Parser for $UsnJrnl on NTFS
  ☆103Updated last year
• acochenour / PSInspect
  PowerShell script useful for Incident Response and security/configuration baselines for Windows Vista and later
  ☆20Updated 8 years ago
• Invoke-IR / PowerForensicsPortable
  ☆29Updated 4 years ago
• ceramicskate0 / SWELF
  Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at ht…
  ☆24Updated last year
• AlmCo / Panorama
  Fast incident overview
  ☆39Updated 7 years ago
• WiredPulse / AutomatedProfiler
  Automated forensics written in PowerShell
  ☆32Updated 4 years ago
• halpomeranz / dfis
  Digital Forensic Investigative Scripts
  ☆69Updated 3 months ago
• nannib / Imm2Virtual
  This is a GUI (for Windows 64 bit) for a procedure to virtualize your EWF(E01), DD (raw), AFF disk image file without converting it, dire…
  ☆50Updated 4 years ago
• woanware / wmi-parser
  Parses the WMI object database....looking for persistence
  ☆31Updated 4 years ago
• pcbje / pyad1
  Python library for parsing AccessData AD1 images
  ☆29Updated last year
• Silv3rHorn / autoripy
  Attempt to replicate the functions of auto_rip by Corey Harrell in Python.
  ☆13Updated last month
• counteractive / incident-response-collector
  ☆14Updated 4 years ago
• nettitude / logparser
  SQL scripts for querying event logs
  ☆21Updated 7 years ago