libyal / esedb-kb
Extensible Storage Engine (ESE) Database File Knowledge Base
☆43Updated 6 months ago
Alternatives and similar repositories for esedb-kb:
Users that are interested in esedb-kb are comparing it to the libraries listed below
- Decode security descriptors in $Secure on NTFS☆20Updated 3 years ago
- Windows Registry Knowledge Base☆173Updated 6 months ago
- A PowerShell module to assist in parsing and managing catalog files.☆21Updated 8 years ago
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆45Updated 2 years ago
- Registry Explorer bookmark definitions☆41Updated 4 months ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆112Updated 3 months ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆73Updated 3 months ago
- Library and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files☆16Updated 9 months ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 3 years ago
- Event metadata collected across all manifest-based ETW providers on Window 10 1903☆31Updated 5 years ago
- An NTFS journal parser☆82Updated 9 years ago
- Parses the WMI object database....looking for persistence☆31Updated 5 years ago
- It's not just UsnJrnl (USN Journal Records/Change Journal Records) parser.☆23Updated 6 years ago
- Extract compressed memory pages from page-aligned data☆45Updated 6 years ago
- Yet another registry parser☆132Updated 3 years ago
- Windows registry samples☆23Updated 6 years ago
- Digital Forensics Windows Registry (dfWinReg)☆51Updated 4 months ago
- ☆11Updated 6 years ago
- Windows Event Log Knowledge Base☆23Updated 6 months ago
- Command line access to the Registry☆142Updated 3 weeks ago
- Analysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules☆50Updated last year
- Binary commandline executable to parse ETL files☆67Updated 6 years ago
- Tools from WFA 4/e, timeline tools, etc.☆135Updated last year
- Emulates the Sysinternals Autoruns tool, but for DFIR purposes e.g. multi user processing☆55Updated 5 years ago
- PowerShell script useful for Incident Response and security/configuration baselines for Windows Vista and later☆20Updated 9 years ago
- Parser for $UsnJrnl on NTFS☆110Updated 2 years ago
- Library and tools to access the Windows Event Log (EVT) format☆59Updated 9 months ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆36Updated 9 months ago
- All TMF files that I extracted from Microsoft PDBs.☆12Updated 5 years ago
- Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.☆51Updated last year