labgeek / VFAELinks
VMDK Forensic Artifact Extractor (VFAE) is a Windows-based tool written in C++ that extracts files with a known location from VMDK images running the Windows operating system. The tool uses the VDDK (Virtual Disk Development Kit) API for the heavy lifting, such as mounting, opening, and reading the selected VMDK. When vfae.exe is executed, i…
☆17, updated 10 years ago
Alternatives and similar repositories for VFAE
Users that are interested in VFAE are comparing it to the libraries listed below
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve… ☆54, updated 3 months ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility ☆38, updated last year
- Browse Windows Prefetch versions 17, 23, 26, 30v1/2, 31 and some SuperFetch .7db/.db files ☆64, updated last year
- Automatic/Custom Destinations and LNK (MS-SHLLINK) browser ☆41, updated last year
- ☆76, updated last week
- C# desktop GUI application that either performs a YARA scan locally or prepares the scan in an Active Directory domain environment with a few … ☆36, updated 4 years ago
- Windows.EDB browser ☆60, updated 2 years ago
- Parses the WMI object database, looking for persistence ☆34, updated 6 years ago
- NTFS Security Descriptor Stream ($Secure:$SDS) parser ☆14, updated 3 years ago
- Timestomper and timestamp checker with nanosecond accuracy for NTFS volumes ☆51, updated 4 years ago
- lnk_parser is a full Rust implementation for parsing Windows LNK files ☆22, updated 7 months ago
- ☆98, updated 4 months ago
- ☆33, updated 3 years ago
- ☆36, updated 3 years ago
- Repository containing malware analysis filters for the Windows Sysinternals Process Monitor tool ☆20, updated 5 years ago
- ☆62, updated last year
- NTFS samples ☆27, updated 5 years ago
- A Microsoft Windows service that provides telemetry on Windows executable memory page changes to facilitate threat detection ☆32, updated 5 years ago
- MFT parser ☆74, updated last year
- ☆20, updated last year
- ☆46, updated 2 years ago
- A repo for fetching AppLocker event logs by parsing the Windows event log ☆31, updated 3 years ago
- Evtx log (XML) browser ☆57, updated 2 years ago
- Links to malware-related YARA rules ☆15, updated 3 years ago
- Parses RecentFileCache.bcf files ☆30, updated last year
- Simple PowerShell script to enable process scanning with YARA ☆98, updated 3 years ago
- Invoke-DetectItEasy is a wrapper for the excellent tool Detect-It-Easy. This PowerShell module is very useful for threat hunting and forensics. ☆30, updated 3 years ago
- Userland API monitor for threat hunting ☆58, updated 5 years ago
- Configurations for DFIR ORC ☆28, updated last year
- Modular malware analysis artifact collection and correlation framework ☆54, updated last year