libyal / esedb-kb
Extensible Storage Engine (ESE) Database File Knowledge Base
☆43Updated 5 months ago
Alternatives and similar repositories for esedb-kb:
Users that are interested in esedb-kb are comparing it to the libraries listed below
- Windows Registry Knowledge Base☆173Updated 5 months ago
- Decode security descriptors in $Secure on NTFS☆20Updated 3 years ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆73Updated 3 months ago
- Event metadata collected across all manifest-based ETW providers on Window 10 1903☆31Updated 5 years ago
- Library and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files☆16Updated 8 months ago
- A PowerShell module to assist in parsing and managing catalog files.☆21Updated 8 years ago
- Binary commandline executable to parse ETL files☆67Updated 6 years ago
- All TMF files that I extracted from Microsoft PDBs.☆12Updated 5 years ago
- Registry Explorer bookmark definitions☆41Updated 3 months ago
- Parses the WMI object database....looking for persistence☆31Updated 5 years ago
- Analysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules☆50Updated last year
- Extract common Windows artifacts from source images and VSCs☆65Updated 3 years ago
- Log newly created WMI consumers and processes to the Windows Application event log☆124Updated 7 years ago
- Windows DPAPI laboratory☆90Updated 7 years ago
- Digital Forensics Windows Registry (dfWinReg)☆51Updated 3 months ago
- PowerShell Module for the Antimalware Scan Interface (AMSI)☆25Updated 8 years ago
- Emulates the Sysinternals Autoruns tool, but for DFIR purposes e.g. multi user processing☆55Updated 5 years ago
- It's not just UsnJrnl (USN Journal Records/Change Journal Records) parser.☆23Updated 6 years ago
- Parser for Windows PowerShell script block logs☆95Updated 7 months ago
- ☆30Updated 8 years ago
- Checks with NSRL RDS servers looking for for hash matches☆114Updated 4 years ago
- Yet another registry parser☆131Updated 2 years ago
- A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses☆115Updated 7 years ago
- Trace ScriptBlock execution for powershell v2☆40Updated 5 years ago
- Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.☆51Updated last year
- An NTFS journal parser☆82Updated 9 years ago
- Repository containing malware analysis filters for the Windows SysInternals' - Process Monitor tool☆15Updated 4 years ago
- Generate bulk YARA rules from YAML input☆22Updated 5 years ago
- Documentation and supporting script sample for Windows Exploit Guard☆156Updated 3 years ago
- Windows registry samples☆23Updated 6 years ago