kacos2000 / WinHex_Templates

Related projects: ⓘ

• libyal / libregf
  Library and tools to access the Windows NT Registry File (REGF) format
  ☆103Updated last month
• lifenjoiner / sendto-plus
  Windows 右键“发送到”接力；分组“发送到”；用指定程序打开；启动器；组织你的工具箱。 Send what sent to me to my 'sendto' for Windows; open with specified program; group sendto…
  ☆22Updated 9 months ago
• libyal / winreg-kb
  Windows Registry Knowledge Base
  ☆158Updated 5 months ago
• libyal / libscca
  Library and tools to access the Windows Prefetch File (SCCA) format.
  ☆70Updated last month
• EricZimmerman / WxTCmd
  ☆19Updated 2 years ago
• EricZimmerman / SDB
  Parse Microsoft shim databases
  ☆28Updated 2 weeks ago
• EricZimmerman / MFT
  MFT parser
  ☆58Updated 6 months ago
• kacos2000 / WinEDB
  Windows.EDB Browser
  ☆53Updated last year
• EricZimmerman / RegistryPlugins
  ☆59Updated 2 months ago
• ufrisk / MemProcFS-plugins
  ☆53Updated 3 years ago
• EricZimmerman / VSCMount
  Mount VSCs with ease!
  ☆14Updated last year
• tccontre / KnowledgeBase
  Collection of tips, tools, arsenal and techniques I've learned during RE and other CyberSecStuff
  ☆53Updated 4 months ago
• EricZimmerman / ExtensionBlocks
  Extension blocks as found in ShellBags and other places in the Registry
  ☆23Updated 2 weeks ago
• dr-anoroc / rawccopy
  Command line utility for copying files on NTFS using low level disk access
  ☆32Updated 5 months ago
• sumeshi / ntfsfind
  An efficient tool for search files, directories, and alternate data streams directly from NTFS image files.
  ☆19Updated 6 months ago
• AndrewRathbun / VanillaWindowsRegistryHives
  A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…
  ☆44Updated last year
• 0xeb / WinTools
  A collection of free miscellaneous Windows tools
  ☆118Updated 3 weeks ago
• kacos2000 / Prefetch-Browser
  Browse Windows Prefetch versions: 17,23,26,30v1/2 & some of SuperFetch .7db/.db's
  ☆39Updated 7 months ago
• sumeshi / ntfsdump
  An efficient tool for extracting files, directories, and alternate data streams directly from NTFS image files.
  ☆17Updated 6 months ago
• Chuyu-Team / libkcrt
  Provide an easy way to use C Run-time Library from Windows Kernel exported from ntdll.dll in your user-mode applications
  ☆51Updated last month
• erwan2212 / NTHASH-FPC
  ☆33Updated last year
• EricZimmerman / AppCompatCacheParser
  AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10
  ☆107Updated 2 weeks ago
• jschicht / ExtractUsnJrnl
  Tool to extract the $UsnJrnl from an NTFS volume
  ☆104Updated 5 years ago
• kacos2000 / Jumplist-Browser
  Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser
  ☆30Updated 6 months ago
• EricZimmerman / Lnk
  Lnk file parser
  ☆78Updated 2 weeks ago
• NTFSparse / ntfs_parse
  NTFS parser, plus linking capabilites between MFT LogFile and UsnJrnl
  ☆36Updated 8 years ago
• elastic / die-python
  Native Python3 bindings for @horsicq's Detect-It-Easy
  ☆40Updated 3 weeks ago
• EricZimmerman / RecentFileCacheParser
  Parses RecentFileCacheParser.bcf files
  ☆24Updated 2 weeks ago
• memoryforensics1 / VolExp
  volatility explorer
  ☆90Updated 3 years ago
• labgeek / VFAE
  VMDK Forensic Artifact Extractor (VFAE) is windows based tool written in C++ that extracts files with a known location from VMDK images r…
  ☆15Updated 9 years ago