libyal / esedb-kbLinks
Extensible Storage Engine (ESE) Database File Knowledge Base
☆43Updated 9 months ago
Alternatives and similar repositories for esedb-kb
Users that are interested in esedb-kb are comparing it to the libraries listed below
Sorting:
- Windows Registry Knowledge Base☆177Updated 9 months ago
- A PowerShell module to assist in parsing and managing catalog files.☆22Updated 8 years ago
- SysInternals' Process Monitor filters repository - collected from various places and made up by myself. To be used for quick Behavioral a…☆68Updated 3 years ago
- Binary commandline executable to parse ETL files☆67Updated 7 years ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆114Updated 6 months ago
- Decode security descriptors in $Secure on NTFS☆20Updated 3 years ago
- Registry Explorer bookmark definitions☆43Updated 7 months ago
- Windows registry samples☆24Updated 6 years ago
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆46Updated 2 years ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆76Updated 7 months ago
- Event metadata collected across all manifest-based ETW providers on Window 10 1903☆31Updated 5 years ago
- ☆18Updated 12 years ago
- Parses the WMI object database....looking for persistence☆32Updated 5 years ago
- ☆68Updated 3 weeks ago
- Extract compressed memory pages from page-aligned data☆46Updated 6 years ago
- ☆20Updated 6 months ago
- Scripts and tools created for appx analysis talk (Magnet summit 2019)☆16Updated last year
- Parse Microsoft shim databases☆30Updated 6 months ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- Yet another registry parser☆133Updated 3 years ago
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)☆189Updated 2 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆37Updated last year
- Repository containing malware analysis filters for the Windows SysInternals' - Process Monitor tool☆18Updated 4 years ago
- Active Directory Group Policy analyzer☆106Updated 11 years ago
- Read Windows message table entries.☆11Updated 2 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies☆62Updated last year
- Parser for $UsnJrnl on NTFS☆113Updated 2 years ago
- MFT parser☆68Updated 6 months ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆65Updated 2 years ago
- A collection of free miscellaneous Windows tools☆135Updated last week