libyal / esedb-kbLinks
Extensible Storage Engine (ESE) Database File Knowledge Base
☆44Updated last week
Alternatives and similar repositories for esedb-kb
Users that are interested in esedb-kb are comparing it to the libraries listed below
Sorting:
- Windows Registry Knowledge Base☆186Updated last week
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆114Updated 9 months ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆80Updated last month
- ☆69Updated 2 months ago
- Parses the WMI object database....looking for persistence☆34Updated 5 years ago
- Registry Explorer bookmark definitions☆43Updated 10 months ago
- Binary commandline executable to parse ETL files☆68Updated 7 years ago
- ☆18Updated 12 years ago
- Event metadata collected across all manifest-based ETW providers on Window 10 1903☆31Updated 5 years ago
- Decode security descriptors in $Secure on NTFS☆21Updated 3 years ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆124Updated 9 months ago
- Windows registry samples☆24Updated 6 years ago
- Yet another registry parser☆136Updated 3 years ago
- NTFS parser, plus linking capabilites between MFT LogFile and UsnJrnl☆38Updated 9 years ago
- Parser for $UsnJrnl on NTFS☆117Updated 2 years ago
- Parse Microsoft shim databases☆31Updated 9 months ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆38Updated last year
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)☆195Updated 2 years ago
- SysInternals' Process Monitor filters repository - collected from various places and made up by myself. To be used for quick Behavioral a…☆70Updated 4 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆65Updated 2 years ago
- MFT parser☆72Updated 8 months ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆214Updated 6 years ago
- Extract compressed memory pages from page-aligned data☆46Updated 7 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Updated 7 years ago
- PowerShell scripts for Hard Drive forensics and parsing Windows Artifacts☆56Updated 5 years ago
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆48Updated 3 weeks ago
- ☆150Updated last year
- Command line access to the Registry☆157Updated last week
- Event Trace Log file parser in pure Python☆149Updated 4 years ago