labgeek / VFAE
VMDK Forensic Artifact Extractor (VFAE) is a Windows-based tool written in C++ that extracts files from known locations in VMDK images of systems running the Windows operating system. The tool uses the VDDK (Virtual Disk Development Kit) API for the heavy lifting: mounting, opening, and reading the selected VMDK. When vfae.exe is executed, i…
☆15Updated 10 years ago
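The description above says VFAE delegates mounting and reading the VMDK to VDDK. The following is an added example, not VFAE's code and not part of this page's repository: it shows the on-disk layer VDDK hides, namely the sparse-extent header, grain directory and grain table of a monolithicSparse VMDK, and reads a logical sector from it without VDDK. The field layout follows VMware's published sparse extent header; the sample extent is constructed in memory for the demonstration and is not a real image. It deliberately stops at the sector level (artifact extraction on top needs an NTFS parser such as the $MFT parsers listed below) and rejects streamOptimized extents, whose grains are compressed.

```python
"""Minimal reader for a single-file sparse (monolithicSparse) VMDK extent.

Added illustration for the VFAE listing; it is not VFAE's own code. The
sample extent built by build_sample_extent() is constructed test data.
"""
import struct

SECTOR = 512
# SparseExtentHeader (512 bytes): magic, version, flags, capacity, grainSize,
# descriptorOffset, descriptorSize, numGTEsPerGT, rgdOffset, gdOffset, overHead,
# uncleanShutdown, four line-ending probe chars, compressAlgorithm, 433 pad bytes.
HEADER_FMT = "<IIIQQQQIQQQB4cH433x"
SPARSE_MAGIC = 0x564D444B          # 'KDMV' read as a little-endian uint32
FLAG_COMPRESSED = 1 << 16          # set on streamOptimized extents


def parse_header(image):
    """Parse and sanity-check the sparse extent header at sector 0."""
    if len(image) < SECTOR:
        raise ValueError("extent shorter than one sector")
    f = struct.unpack_from(HEADER_FMT, image, 0)
    if f[0] != SPARSE_MAGIC:
        raise ValueError("not a sparse extent: magic 0x%08x" % f[0])
    hdr = {
        "version": f[1], "flags": f[2], "capacity": f[3], "grain_size": f[4],
        "descriptor_offset": f[5], "descriptor_size": f[6], "num_gtes_per_gt": f[7],
        "rgd_offset": f[8], "gd_offset": f[9], "overhead": f[10],
        "unclean_shutdown": bool(f[11]), "compress_algorithm": f[16],
    }
    if hdr["flags"] & FLAG_COMPRESSED or hdr["compress_algorithm"] != 0:
        raise ValueError("compressed (streamOptimized) grains are not handled here")
    if hdr["grain_size"] == 0 or hdr["num_gtes_per_gt"] == 0:
        raise ValueError("invalid grain geometry")
    return hdr


def read_descriptor(image, hdr):
    """Return the embedded text descriptor (extent list, createType, geometry)."""
    start = hdr["descriptor_offset"] * SECTOR
    raw = image[start:start + hdr["descriptor_size"] * SECTOR]
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def read_sector(image, hdr, lba):
    """Resolve a logical sector through GD -> GT -> grain; unallocated reads as zeros."""
    if lba >= hdr["capacity"]:
        raise ValueError("LBA %d beyond capacity %d" % (lba, hdr["capacity"]))
    grain = lba // hdr["grain_size"]
    gd_index, gt_index = divmod(grain, hdr["num_gtes_per_gt"])
    gt_sector = struct.unpack_from("<I", image, hdr["gd_offset"] * SECTOR + gd_index * 4)[0]
    if gt_sector == 0:                         # grain table never allocated
        return bytes(SECTOR)
    gte = struct.unpack_from("<I", image, gt_sector * SECTOR + gt_index * 4)[0]
    if gte <= 1:                               # 0 = unallocated, 1 = explicit zero grain
        return bytes(SECTOR)
    off = (gte + lba % hdr["grain_size"]) * SECTOR
    if off + SECTOR > len(image):
        raise ValueError("grain table entry points past end of extent (corrupt image)")
    return bytes(image[off:off + SECTOR])


def build_sample_extent():
    """Constructed sample: 256-sector extent, 8-sector grains, only grain 5 allocated."""
    capacity, grain_size, gtes = 256, 8, 32    # 32 grains fit in a single grain table
    desc_off, desc_size = 1, 20
    gd_off, gt_sector, overhead = 21, 22, 24   # GD at 21, its GT at 22, data from 24
    img = bytearray(32 * SECTOR)
    struct.pack_into(HEADER_FMT, img, 0, SPARSE_MAGIC, 1, 0x3, capacity, grain_size,
                     desc_off, desc_size, gtes, gd_off, gd_off, overhead, 0,
                     b"\n", b" ", b"\r", b"\n", 0)
    desc = (b"# Disk DescriptorFile\nversion=1\ncreateType=\"monolithicSparse\"\n"
            b"RW 256 SPARSE \"sample.vmdk\"\n")
    img[desc_off * SECTOR:desc_off * SECTOR + len(desc)] = desc
    struct.pack_into("<I", img, gd_off * SECTOR, gt_sector)            # GD[0] -> GT
    struct.pack_into("<I", img, gt_sector * SECTOR + 5 * 4, overhead)  # GT[5] -> sector 24
    for i in range(grain_size):                                        # marker bytes per sector
        img[(overhead + i) * SECTOR:(overhead + i + 1) * SECTOR] = bytes([0x40 + i]) * SECTOR
    return bytes(img)


if __name__ == "__main__":
    img = build_sample_extent()
    h = parse_header(img)
    print(read_descriptor(img, h))
    print(read_sector(img, h, 5 * 8 + 3)[:8].hex(), read_sector(img, h, 0)[:8].hex())
```

With a real monolithicSparse file the same three functions apply to the bytes of the extent; a VM with a multi-extent or flat descriptor needs the descriptor parsed first and each extent opened separately.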
Alternatives and similar repositories for VFAE
Users interested in VFAE are comparing it to the repositories listed below.
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆46Updated 2 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆37Updated last year
- NTFS samples☆25Updated 5 years ago
- Windows registry samples☆24Updated 6 years ago
- Parser for $UsnJrnl on NTFS☆114Updated 2 years ago
- Get USB Devices from Registry hives☆21Updated 3 years ago
- MFT parser☆68Updated 7 months ago
- Binary commandline executable to parse ETL files☆68Updated 7 years ago
- Parses the WMI object database, looking for persistence☆33Updated 5 years ago
- NTFS parser, plus linking capabilities between MFT, LogFile and UsnJrnl☆37Updated 9 years ago
- Lnk file parser☆88Updated 3 months ago
- A lightweight C++/C AFF4 reader library☆13Updated 2 years ago
- A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection☆32Updated 4 years ago
- Parse Microsoft shim databases☆30Updated 7 months ago
- Python script for parsing ESET (NOD32) virlog.dat file.☆15Updated 7 years ago
- Repository containing malware analysis filters for the Windows Sysinternals Process Monitor tool☆19Updated 4 years ago
- Extension blocks as found in ShellBags and other places in the Registry☆25Updated 7 months ago
- Tool to extract the $UsnJrnl from an NTFS volume☆108Updated 6 years ago
- Registry Explorer bookmark definitions☆43Updated 8 months ago
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser☆37Updated last year
- Epimitheus is a tool that uses the Neo4j graph database for Windows Event visualization.☆19Updated 3 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- Userland API monitor for threat hunting☆58Updated 5 years ago
- Windows.EDB Browser☆57Updated 2 years ago
- Trace ScriptBlock execution for powershell v2☆40Updated 5 years ago
- Windows Event Log Knowledge Base☆26Updated 10 months ago