kkoha / EvtxCarv
recovers and reconstructs fragmented Evtx files from disk images, memory dumps, pagefiles and unallocated space
☆13Updated 9 years ago
Alternatives and similar repositories for EvtxCarv:
Users that are interested in EvtxCarv are comparing it to the libraries listed below
- Windows registry files interactive viewer☆9Updated 7 years ago
- Handy WMI query tool.☆12Updated 8 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Updated 7 years ago
- Common Malware Techniques☆13Updated last year
- ☆9Updated 10 years ago
- Windows Kernel Mode PCRE☆10Updated 9 years ago
- Windows device tree walker☆15Updated 6 years ago
- Framework complet d'analyse de malware☆12Updated 8 years ago
- User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.☆19Updated 8 years ago
- Notes my learning steps about Windows-NT☆23Updated 7 years ago
- ☆10Updated 8 years ago
- Use Windows Management Instrumentation interfaces to perform actions on a Windows system from a Linux System☆16Updated 12 years ago
- Lists work items being queued currently.☆13Updated 9 years ago
- Event Tracing for Windows Custom Events☆21Updated 9 years ago
- ☆15Updated 9 years ago
- simple plugin for lastest olly versions to display the callstack☆16Updated 11 years ago
- ☆13Updated 7 years ago
- wow64 syscall filter☆13Updated 10 years ago
- Kernel mode windows NT API logger☆22Updated 5 years ago
- windows kernel File redirection☆20Updated 10 years ago
- User-mode kernel callback framework☆10Updated 11 years ago
- ☆14Updated 9 years ago
- PE Infector/Cryptor source code☆15Updated 7 years ago
- ☆16Updated 8 years ago
- IDA Pro plug-in and tools for displaying 3D graphs of procedures using UbiGraph☆25Updated 11 years ago
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆22Updated 7 years ago