labgeek / VFAE
VMDK Forensic Artifact Extractor (VFAE) is a Windows-based tool written in C++ that extracts files with a known location from VMDK images running the Windows operating system. The tool utilizes the VDDK (Virtual Disk Development Kit) API for the heavy lifting such as mounting, opening, and reading the VMDK selected. When vfae.exe is executed, i…
☆16Updated 10 years ago
Alternatives and similar repositories for VFAE
Users that are interested in VFAE are comparing it to the libraries listed below
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆48Updated 2 weeks ago
- NTFS samples☆25Updated 5 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆38Updated last year
- Parses RecentFileCacheParser.bcf files☆29Updated 8 months ago
- ☆19Updated 9 months ago
- ☆48Updated 9 months ago
- MFT parser☆72Updated 8 months ago
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser☆38Updated last year
- Mount VSCs with ease!☆17Updated 8 months ago
- Windows.EDB Browser☆58Updated 2 years ago
- ☆69Updated 2 months ago
- Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's☆62Updated 10 months ago
- Registry Explorer bookmark definitions☆43Updated 10 months ago
- ☆59Updated last year
- lnk_parser is a full Rust implementation to parse Windows LNK files☆20Updated 3 months ago
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.☆15Updated 2 years ago
- ☆36Updated 2 years ago
- Python script for parsing ESET (NOD32) virlog.dat file.☆15Updated 8 years ago
- Extension blocks as found in ShellBags and other places in the Registry☆25Updated 9 months ago
- Parses the WMI object database....looking for persistence☆34Updated 5 years ago
- Evtx Log (xml) Browser☆55Updated 2 years ago
- A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection☆32Updated 5 years ago
- This is a repo for fetching Applocker event log by parsing the win-event log☆31Updated 3 years ago
- Plugins for parsing CSV files in Timeline Explorer. This project allows for anyone to add more supported files (i.e. they get a Line #/ta…☆28Updated 5 months ago
- ☆33Updated 3 years ago
- ☆45Updated last year
- Recycle bin artifact parser☆55Updated 8 months ago
- NTFS Security Descriptor Stream ($Secure:$SDS) parser☆14Updated 2 years ago
- Simple PowerShell script to enable process scanning with Yara.☆96Updated 3 years ago
- Parser for Sdba memory pool tags☆20Updated 4 years ago