libyal / esedb-kbLinks
Extensible Storage Engine (ESE) Database File Knowledge Base
☆43Updated 10 months ago
Alternatives and similar repositories for esedb-kb
Users that are interested in esedb-kb are comparing it to the libraries listed below
Sorting:
- Windows Registry Knowledge Base☆178Updated 10 months ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆114Updated 7 months ago
- A PowerShell module to assist in parsing and managing catalog files.☆22Updated 8 years ago
- Event metadata collected across all manifest-based ETW providers on Window 10 1903☆31Updated 5 years ago
- Parses the WMI object database....looking for persistence☆33Updated 5 years ago
- Active Directory Group Policy analyzer☆108Updated 11 years ago
- ☆18Updated 12 years ago
- Registry Explorer bookmark definitions☆43Updated 8 months ago
- Yet another registry parser☆133Updated 3 years ago
- Binary commandline executable to parse ETL files☆67Updated 7 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies☆62Updated last year
- Decode security descriptors in $Secure on NTFS☆20Updated 3 years ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆77Updated 7 months ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 4 years ago
- Windows registry samples☆24Updated 6 years ago
- Parser for $UsnJrnl on NTFS☆114Updated 2 years ago
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)☆189Updated 2 years ago
- ☆68Updated this week
- Parse Microsoft shim databases☆30Updated 7 months ago
- Documentation and supporting script sample for Windows Exploit Guard☆157Updated 3 years ago
- Lnk file parser☆88Updated 2 months ago
- Carves and recreates VSS catalog and store from Windows disk image.☆99Updated 2 years ago
- Checks with NSRL RDS servers looking for for hash matches☆114Updated 4 years ago
- Endpoint monitoring stack.☆19Updated 9 years ago
- MFT parser☆68Updated 6 months ago
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆46Updated 2 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆65Updated 2 years ago
- PowerShell scripts for Hard Drive forensics and parsing Windows Artifacts☆56Updated 4 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆216Updated 5 years ago