libyal / winevt-kbView external linksLinks
Windows Event Log Knowledge Base
☆29Dec 23, 2025Updated last month
Alternatives and similar repositories for winevt-kb
Users that are interested in winevt-kb are comparing it to the libraries listed below
Sorting:
- ReviveIT (revit) is a proof of concept file recovery tool (carver)☆12Dec 3, 2020Updated 5 years ago
- 参考taviso的代码逆向一下mpengine.dll☆20Jun 30, 2022Updated 3 years ago
- Library for Windows XML Event Log (EVTX) data types☆18Dec 17, 2025Updated last month
- ☆23Oct 9, 2024Updated last year
- Library and tools to access the Common Log File System (CLFS)☆25Dec 4, 2025Updated 2 months ago
- Primarily aimed at replicating files that cannot be directly copied due to being in use.☆11Apr 22, 2024Updated last year
- Dump macOS 1.8+ password hashes to a hashcat-compatible format☆14May 29, 2022Updated 3 years ago
- ☆29Jan 15, 2021Updated 5 years ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆12Aug 26, 2024Updated last year
- A utility to force query DNS over DoH off of CloudFlare API when DNS block is in place☆10Aug 26, 2018Updated 7 years ago
- Server for receiving autorun data from the clients☆13Sep 26, 2017Updated 8 years ago
- Mimikatz embedded as classes☆28Oct 25, 2021Updated 4 years ago
- An updated C# port of X-Ways X-Tensions API.☆11Mar 12, 2018Updated 7 years ago
- Library for Object Linking and Embedding (OLE) data types☆12Nov 27, 2025Updated 2 months ago
- Windows device tree walker☆15Sep 19, 2018Updated 7 years ago
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Feb 6, 2025Updated last year
- Duo MFA auditing tool to test users' likelihood of approving unexpected push notifications☆13Apr 20, 2018Updated 7 years ago
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.☆15Jul 13, 2023Updated 2 years ago
- Library and tools to access the Windows Hibernation File (hiberfil.sys) format☆13Dec 20, 2025Updated last month
- Windows Kernel Debugger over Network (Wireshark dissector and maybe more)☆29Jan 28, 2019Updated 7 years ago
- Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules.☆16Oct 22, 2025Updated 3 months ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- NTFS file system specimens☆13Jul 3, 2023Updated 2 years ago
- Sample evtx files to use for testing hayabusa detection rules☆64Nov 5, 2025Updated 3 months ago
- ☆30Jul 17, 2018Updated 7 years ago
- Windows user mini-dump helper library to extract data from it.☆13May 17, 2025Updated 8 months ago
- Windows Registry Knowledge Base☆195Dec 23, 2025Updated last month
- A Golang Registry parser☆19Feb 3, 2025Updated last year
- Microsoft Edge Microsoft Edge主页算法☆20Apr 15, 2019Updated 6 years ago
- An efficient tool for extracting files, directories, and alternate data streams directly from NTFS image files.☆22Feb 21, 2024Updated last year
- Small scripts and POCs related to digital forensics☆18Nov 1, 2022Updated 3 years ago
- ☆12Dec 15, 2016Updated 9 years ago
- Library and tools to access the Master Boot Record (MBR) volume system format☆14Dec 21, 2025Updated last month
- Windows Sandbox Framework☆40Dec 31, 2021Updated 4 years ago
- A utility which enables the installation of macOS Virtual Machines on non-Apple certified VMware vSphere (ESXi), VMware Workstation/Playe…☆13Oct 5, 2018Updated 7 years ago
- ☆17Apr 18, 2023Updated 2 years ago
- Library and tools to access the Windows Event Log (EVT) format☆60Dec 15, 2025Updated last month
- FastSymApi - A Fast API PDB Symbol Cache Server that efficiently caches and compresses PDBs on disk for quick and repeated retrieval.☆19Jul 10, 2025Updated 7 months ago
- Registry Miner☆14Apr 10, 2018Updated 7 years ago