kacos2000 / WindowsTimeline
Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
☆181Updated last year
Alternatives and similar repositories for WindowsTimeline:
Users that are interested in WindowsTimeline are comparing it to the libraries listed below
- Command line access to the Registry☆135Updated 3 weeks ago
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)☆159Updated last year
- Documentation repository☆44Updated 5 months ago
- This is a set of tools for doing forensics analysis on Microsoft ESE databases.☆124Updated 3 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆64Updated 2 years ago
- A PowerShell incident response script for quick triage☆78Updated 2 years ago
- Get all my software☆146Updated last month
- Invoke-LiveResponse☆146Updated 2 years ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆113Updated last month
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆72Updated last year
- Yet another registry parser☆130Updated 2 years ago
- ☆149Updated this week
- Powershell Event Tracing Toolbox☆73Updated 2 years ago
- Win 10/11 related research☆183Updated last year
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆51Updated last year
- A modern Python-3-based alternative to RegRipper☆191Updated 2 months ago
- Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity☆90Updated 3 years ago
- Windows Registry Knowledge Base☆171Updated 4 months ago
- MFT parser☆65Updated last week
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆55Updated last week
- C# based evtx parser with lots of extras☆288Updated last week
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆112Updated 3 years ago
- $MFT directory tree reconstruction & FILE record info☆297Updated 4 months ago
- An NTFS/FAT parser for digital forensics & incident response☆198Updated 3 months ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated this week
- Registry Explorer bookmark definitions☆41Updated last month
- Extract common Windows artifacts from source images and VSCs☆65Updated 3 years ago
- Finds event logs between two time points. Useful for helpdesk/support/malware analysis.☆44Updated 5 years ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a…☆189Updated this week
- Detection Ideas & Rules repository.☆179Updated 3 years ago