mdawsonuk / LevelDBDumper

Related projects: ⓘ

• forensicmatt / libtsk-rs
  Wrapper for TSK (Sleuth Kit) Bindings
  ☆11Updated last year
• harelsegev / INDXRipper
  Carve file metadata from NTFS index ($I30) attributes
  ☆58Updated 7 months ago
• EricZimmerman / MFT
  MFT parser
  ☆58Updated 6 months ago
• sumeshi / ntfsfind
  An efficient tool for search files, directories, and alternate data streams directly from NTFS image files.
  ☆19Updated 7 months ago
• strozfriedberg / notatin
  A Windows registry file parser written in Rust
  ☆35Updated last year
• NextronSystems / gimphash
  Imphash-like calculation on Golang binaries
  ☆48Updated 2 years ago
• dfirlabs / ntfs-specimens
  NTFS file system specimens
  ☆13Updated last year
• erichutchins / geoipsed
  Fast, inline geolocation decoration of IPv4 and IPv6 addresses written in Rust
  ☆25Updated 8 months ago
• AndrewRathbun / VanillaWindowsRegistryHives
  A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…
  ☆44Updated last year
• omerbenamram / mft
  A parser for the MFT (Master File Table) format
  ☆124Updated last year
• jklepsercyber / defender-detectionhistory-parser
  A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
  ☆109Updated 2 years ago
• avast / yls
  YARA Language Server
  ☆67Updated 5 months ago
• Velocidex / go-ese
  Go implementation of an Extensible Storage Engine parser
  ☆26Updated 7 months ago
• fox-it / dissect.target
  The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access…
  ☆41Updated this week
• limbenjamin / nTimetools
  Timestomper and Timestamp checker with nanosecond accuracy for NTFS volumes
  ☆43Updated 3 years ago
• avast / yari
  YARI is an interactive debugger for YARA Language.
  ☆86Updated 4 months ago
• williballenthin / wevt_template
  extract and parse WEVT_TEMPLATEs from PE files
  ☆17Updated 8 months ago
• ForensicRS / forensic-rs
  Forensic framework to build tools that can be reused in multiple projects without changing anything
  ☆19Updated 5 months ago
• 00010111 / gMetaDataParse
  ☆19Updated last year
• AbdulRhmanAlfaifi / SDSParser-rs
  NTFS Security Descriptor Stream ($Secure:$SDS) parser
  ☆13Updated last year
• msuhanov / ntfs-samples
  NTFS samples
  ☆24Updated 4 years ago
• CyberCX-DFIR / usnjrnl_rewind
  USN Journal full path builder
  ☆36Updated this week
• lxndrblz / forensicsim
  A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and rea…
  ☆72Updated 2 months ago
• sk4la / volatility3-docker
  Volatility, on Docker 🐳
  ☆23Updated 2 months ago
• strozfriedberg / lightgrep
  Command-line utility for multipattern search using liblightgrep
  ☆58Updated last month
• zff-team / zff-rs
  Library to handle the files in zff format (file format to store and handle forensic acquisitions).
  ☆20Updated 2 weeks ago
• invoke-eric / jupyter
  Jupyter Notebooks for Cyber Threat Intelligence
  ☆35Updated last year
• yarox24 / EvtxHussar
  Initial triage of Windows Event logs
  ☆83Updated 3 months ago
• theAtropos4n6 / Partition-4DiagnosticParser
  Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.
  ☆19Updated 9 months ago
• mgeeky / procmon-filters
  SysInternals' Process Monitor filters repository - collected from various places and made up by myself. To be used for quick Behavioral a…
  ☆62Updated 2 years ago