Alternatives and similar repositories for esedb-kb:

Users that are interested in esedb-kb are comparing it to the libraries listed below

• libyal / winreg-kb
  Windows Registry Knowledge Base
  ☆173Updated 5 months ago
• jschicht / Secure2Csv
  Decode security descriptors in $Secure on NTFS
  ☆20Updated 3 years ago
• libyal / libscca
  Library and tools to access the Windows Prefetch File (SCCA) format.
  ☆73Updated 3 months ago
• mattifestation / WindowsEventLogMetadata
  Event metadata collected across all manifest-based ETW providers on Window 10 1903
  ☆31Updated 5 years ago
• libyal / libmsiecf
  Library and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files
  ☆16Updated 8 months ago
• mattifestation / CatalogTools
  A PowerShell module to assist in parsing and managing catalog files.
  ☆21Updated 8 years ago
• forensiclunch / ETLParser
  Binary commandline executable to parse ETL files
  ☆67Updated 6 years ago
• mattifestation / MSFTTraceMessageFormat
  All TMF files that I extracted from Microsoft PDBs.
  ☆12Updated 5 years ago
• EricZimmerman / RegistryExplorerBookmarks
  Registry Explorer bookmark definitions
  ☆41Updated 3 months ago
• woanware / wmi-parser
  Parses the WMI object database....looking for persistence
  ☆31Updated 5 years ago
• lprat / static_file_analysis
  Analysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules
  ☆50Updated last year
• Silv3rHorn / ArtifactExtractor
  Extract common Windows artifacts from source images and VSCs
  ☆65Updated 3 years ago
• realparisi / WMI_Monitor
  Log newly created WMI consumers and processes to the Windows Application event log
  ☆124Updated 7 years ago
• dfirfpi / dpapilab
  Windows DPAPI laboratory
  ☆90Updated 7 years ago
• log2timeline / dfwinreg
  Digital Forensics Windows Registry (dfWinReg)
  ☆51Updated 3 months ago
• adamdriscoll / AMSI
  PowerShell Module for the Antimalware Scan Interface (AMSI)
  ☆25Updated 8 years ago
• woanware / autorunner
  Emulates the Sysinternals Autoruns tool, but for DFIR purposes e.g. multi user processing
  ☆55Updated 5 years ago
• 4n6ist / usn_analytics
  It's not just UsnJrnl (USN Journal Records/Change Journal Records) parser.
  ☆23Updated 6 years ago
• matthewdunwoody / block-parser
  Parser for Windows PowerShell script block logs
  ☆95Updated 7 months ago
• Invoke-IR / Presentations
  ☆30Updated 8 years ago
• rjhansen / nsrllookup
  Checks with NSRL RDS servers looking for for hash matches
  ☆114Updated 4 years ago
• msuhanov / yarp
  Yet another registry parser
  ☆131Updated 2 years ago
• mattifestation / DeviceGuardBypassMitigationRules
  A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses
  ☆115Updated 7 years ago
• airbus-cert / PSTrace
  Trace ScriptBlock execution for powershell v2
  ☆40Updated 5 years ago
• darkoperator / vscode-sysmon
  Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.
  ☆51Updated last year
• strozfriedberg / ntfs-linker
  An NTFS journal parser
  ☆82Updated 9 years ago
• nasbench / procmon-malware-analysis-filters
  Repository containing malware analysis filters for the Windows SysInternals' - Process Monitor tool
  ☆15Updated 4 years ago
• nccgroup / yaml2yara
  Generate bulk YARA rules from YAML input
  ☆22Updated 5 years ago
• palantir / exploitguard
  Documentation and supporting script sample for Windows Exploit Guard
  ☆156Updated 3 years ago
• msuhanov / regf-samples
  Windows registry samples
  ☆23Updated 6 years ago