labgeek / VFAE
VMDK Forensic Artifact Extractor (VFAE) is a Windows-based tool written in C++ that extracts files from known locations in VMDK images of systems running the Windows operating system. The tool uses the VDDK (Virtual Disk Development Kit) API for the heavy lifting, such as mounting, opening, and reading the selected VMDK. When vfae.exe is executed, i…
☆17 · Updated 10 years ago
Alternatives and similar repositories for VFAE
Users that are interested in VFAE are comparing it to the libraries listed below
- Timestomper and timestamp checker with nanosecond accuracy for NTFS volumes ☆51 · Updated 4 years ago
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve… ☆54 · Updated 3 months ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files … ☆33 · Updated 5 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility ☆38 · Updated last year
- A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection ☆32 · Updated 5 years ago
- ☆98 · Updated 4 months ago
- A collection of free miscellaneous Windows tools ☆142 · Updated 6 months ago
- A lightweight C++/C AFF4 reader library ☆14 · Updated last week
- ☆46 · Updated 2 years ago
- Userland API monitor for threat hunting ☆58 · Updated 5 years ago
- Repository containing malware analysis filters for the Windows SysInternals Process Monitor tool ☆20 · Updated 5 years ago
- Windows Event Log Knowledge Base ☆29 · Updated last month
- C# desktop GUI application that either performs a YARA scan locally or prepares the scan in an Active Directory domain environment with a few … ☆36 · Updated 4 years ago
- Browse Windows Prefetch versions: 17, 23, 26, 30v1/2, 31 & some SuperFetch .7db/.db files ☆64 · Updated last year
- Automatic/Custom Destinations & LNK (MS-SHLLINK) browser ☆41 · Updated last year
- Windows.EDB browser ☆60 · Updated 2 years ago
- ☆62 · Updated last year
- Simple PowerShell script to enable process scanning with YARA. ☆98 · Updated 3 years ago
- Quickly search for references to a GUID in DLLs, EXEs, and drivers ☆75 · Updated 4 years ago
- A collection of tools and rules for decoding Brute Ratel C4 badgers ☆66 · Updated 3 years ago
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en… ☆44 · Updated last year
- API Set Viewer ☆91 · Updated last year
- Windows user-land hooks manipulation tool. ☆146 · Updated 4 years ago
- ☆21 · Updated 3 years ago
- ☆152 · Updated last year
- The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that are sent … ☆41 · Updated 3 years ago
- Epimitheus is a tool that uses the graph database Neo4j for Windows Events visualization. ☆19 · Updated 3 years ago
- SysInternals Process Monitor filters repository - collected from various places and made up by myself. To be used for quick behavioral a… ☆70 · Updated 4 years ago
- ☆33 · Updated 3 years ago
- This is a repo for fetching the AppLocker event log by parsing the Windows event log ☆31 · Updated 3 years ago