kacos2000 / WindowsTimeline

Related projects ⓘ

Alternatives and complementary repositories for WindowsTimeline

• EricZimmerman / RECmd
  Command line access to the Registry
  ☆130Updated last week
• MarkBaggett / ese-analyst
  This is a set of tools for doing forensics analysis on Microsoft ESE databases.
  ☆123Updated 2 years ago
• JoeyRentenaar / Office-365-Extractor
  The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)
  ☆159Updated last year
• EricZimmerman / Get-ZimmermanTools
  Get all my software
  ☆141Updated last month
• mgreen27 / Invoke-LiveResponse
  Invoke-LiveResponse
  ☆145Updated 2 years ago
• jklepsercyber / defender-detectionhistory-parser
  A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
  ☆109Updated 2 years ago
• AndrewRathbun / VanillaWindowsReference
  A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …
  ☆145Updated last month
• ANSSI-FR / bits_parser
  Extract BITS jobs from QMGR queue and store them as CSV records
  ☆74Updated 4 months ago
• EricZimmerman / AppCompatCacheParser
  AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10
  ☆109Updated last week
• kacos2000 / MFT_Browser
  $MFT directory tree reconstruction & FILE record info
  ☆292Updated last month
• EricZimmerman / RegistryPlugins
  ☆60Updated last week
• EricZimmerman / evtx
  C# based evtx parser with lots of extras
  ☆280Updated 2 months ago
• Beercow / OneDriveExplorer
  OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a…
  ☆181Updated last week
• brimorlabs / KStrike
  Stand-alone parser for User Access Logging from Server 2012 and newer systems
  ☆71Updated 10 months ago
• msuhanov / yarp
  Yet another registry parser
  ☆129Updated 2 years ago
• EricZimmerman / KapeDocs
  Documentation repository
  ☆43Updated 2 months ago
• kacos2000 / Win10
  Win 10/11 related research
  ☆177Updated 10 months ago
• airbus-cert / regrippy
  A modern Python-3-based alternative to RegRipper
  ☆187Updated this week
• fireeye / BitsParser
  ☆141Updated 5 months ago
• EricZimmerman / RegistryExplorerBookmarks
  Registry Explorer bookmark definitions
  ☆41Updated last year
• EricZimmerman / Srum
  ☆36Updated 2 months ago
• nov3mb3r / trident
  A PowerShell incident response script for quick triage
  ☆75Updated 2 years ago
• Silv3rHorn / ArtifactExtractor
  Extract common Windows artifacts from source images and VSCs
  ☆65Updated 3 years ago
• libyal / winreg-kb
  Windows Registry Knowledge Base
  ☆162Updated last month
• EricZimmerman / MFT
  MFT parser
  ☆61Updated 7 months ago
• muteb / Hoarder
  This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole …
  ☆192Updated 4 years ago
• Beercow / SEPparser
  Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.
  ☆63Updated last year
• EricZimmerman / MFTECmd
  Parses $MFT from NTFS file systems
  ☆198Updated last week
• EricZimmerman / bstrings
  A better strings utility!
  ☆120Updated last year
• jsecurity101 / Windows-API-To-Sysmon-Events
  A repository that maps API calls to Sysmon Event ID's.
  ☆116Updated last year