kacos2000 / WindowsTimelineLinks
Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
☆189Updated 2 years ago
Alternatives and similar repositories for WindowsTimeline
Users that are interested in WindowsTimeline are comparing it to the libraries listed below
Sorting:
- Command line access to the Registry☆153Updated last month
- This is a set of tools for doing forensics analysis on Microsoft ESE databases.☆125Updated 3 years ago
- Finds event logs between two time points. Useful for helpdesk/support/malware analysis.☆47Updated 6 years ago
- ☆149Updated last year
- Invoke-LiveResponse☆148Updated 3 years ago
- Win 10/11 related research☆191Updated last year
- A modern Python-3-based alternative to RegRipper☆196Updated 4 months ago
- Registry Explorer bookmark definitions☆43Updated 8 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆75Updated last year
- ☆68Updated last week
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆65Updated 2 years ago
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.☆38Updated 3 years ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆113Updated 3 years ago
- Automagically extract forensic timeline from volatile memory dump☆132Updated last year
- MFT parser☆68Updated 6 months ago
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆85Updated 2 months ago
- Windows Registry Knowledge Base☆180Updated 10 months ago
- $MFT directory tree reconstruction & FILE record info☆310Updated 10 months ago
- A PowerShell incident response script for quick triage☆80Updated 3 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated 6 months ago
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)☆159Updated 2 years ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆122Updated 7 months ago
- Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity☆94Updated 3 years ago
- Powershell Event Tracing Toolbox☆76Updated 3 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies☆62Updated last year
- A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P…☆27Updated 2 years ago
- Parses the WMI object database....looking for persistence☆33Updated 5 years ago
- An NTFS/FAT parser for digital forensics & incident response☆208Updated 9 months ago
- Crack base64(sha256(username)) hash from Microsoft Event ID 1029☆22Updated 2 years ago
- ☆159Updated this week