libyal / libfwsi

Related projects ⓘ

Alternatives and complementary repositories for libfwsi

• EricZimmerman / Prefetch
  Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.
  ☆105Updated 3 months ago
• williballenthin / shellbags
  Cross-platform, open-source shellbag parser
  ☆149Updated last year
• EricZimmerman / Lnk
  Lnk file parser
  ☆78Updated 2 months ago
• libyal / libscca
  Library and tools to access the Windows Prefetch File (SCCA) format.
  ☆71Updated 2 months ago
• EricZimmerman / GuidMapping
  ☆15Updated 2 months ago
• jschicht / ExtractUsnJrnl
  Tool to extract the $UsnJrnl from an NTFS volume
  ☆105Updated 5 years ago
• strozfriedberg / ntfs-linker
  An NTFS journal parser
  ☆82Updated 8 years ago
• kacos2000 / Win10
  Win 10/11 related research
  ☆177Updated 10 months ago
• EricZimmerman / ExtensionBlocks
  Extension blocks as found in ShellBags and other places in the Registry
  ☆23Updated 2 months ago
• EricZimmerman / JLECmd
  Automatic and Custom Destinations jump list parser with Windows 10 support
  ☆74Updated last year
• msuhanov / yarp
  Yet another registry parser
  ☆129Updated 2 years ago
• msuhanov / regf-samples
  Windows registry samples
  ☆23Updated 5 years ago
• EricZimmerman / RegistryExplorerBookmarks
  Registry Explorer bookmark definitions
  ☆41Updated last year
• jschicht / UsnJrnl2Csv
  Parser for $UsnJrnl on NTFS
  ☆108Updated last year
• libyal / winreg-kb
  Windows Registry Knowledge Base
  ☆162Updated last month
• AndrewRathbun / VanillaWindowsRegistryHives
  A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…
  ☆43Updated last year
• kacos2000 / WindowsTimeline
  Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
  ☆177Updated last year
• EricZimmerman / Registry
  Full featured, offline Registry parser in C#
  ☆221Updated 2 months ago
• libyal / libyal
  Yet another library library (and tools)
  ☆201Updated last month
• jschicht / LogFileParser
  Parser for $LogFile on NTFS
  ☆189Updated 11 months ago
• EricZimmerman / SDB
  Parse Microsoft shim databases
  ☆28Updated 2 months ago
• luctalpe / WMIMon
  Tool to monitor WMI activity on Windows
  ☆198Updated 4 years ago
• woanware / autorunner
  Emulates the Sysinternals Autoruns tool, but for DFIR purposes e.g. multi user processing
  ☆53Updated 5 years ago
• Silv3rHorn / ArtifactExtractor
  Extract common Windows artifacts from source images and VSCs
  ☆65Updated 3 years ago
• libyal / libregf
  Library and tools to access the Windows NT Registry File (REGF) format
  ☆107Updated 2 months ago
• Paul-Tew / lifer
  Windows link file (shortcuts) examiner
  ☆67Updated 5 months ago
• nmantani / FileInsight-plugins
  FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis
  ☆156Updated this week
• EricZimmerman / WxTCmd
  ☆19Updated 2 years ago
• jschicht / Secure2Csv
  Decode security descriptors in $Secure on NTFS
  ☆20Updated 2 years ago