libyal / libevtx
Library and tools to access the Windows XML Event Log (EVTX) format
☆188Updated 2 months ago
Related projects: ⓘ
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆206Updated 5 years ago
- ☆415Updated last year
- Signature engine for all your logs☆156Updated 10 months ago
- Yet another library library (and tools)☆201Updated last week
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆261Updated 4 months ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆70Updated 3 weeks ago
- Windows registry file format specification☆319Updated 5 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆218Updated 4 years ago
- Windows Registry Knowledge Base☆158Updated 5 months ago
- A YARA-integrated process denial framework for Windows☆395Updated 4 years ago
- ETW Python Library☆263Updated last year
- Log newly created WMI consumers and processes to the Windows Application event log☆123Updated 6 years ago
- An AFF4 C++ implementation.☆187Updated last year
- Lnk Explorer Command line edition!!☆261Updated 3 months ago
- Tool suite for inspecting NTFS artifacts.☆213Updated 10 months ago
- Comae Hibernation File Decompressor☆141Updated last year
- ☆271Updated last year
- ☆149Updated this week
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆107Updated 2 weeks ago
- ☆293Updated 4 years ago
- FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis☆155Updated last month
- Automatic YARA rule generation for Malpedia☆152Updated 2 years ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆103Updated last month
- Prefetch Explorer Command Line☆209Updated last week
- Parser for $LogFile on NTFS☆184Updated 9 months ago
- Parse evtx files and detect use of the DanderSpritz eventlogedit module☆145Updated 6 years ago
- Replay RDP traffic from PCAP☆182Updated 5 years ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect …☆128Updated last year
- Generating YARA rules based on binary code☆198Updated 2 years ago
- An NTFS/FAT parser for digital forensics & incident response☆189Updated last year