mkorman90 / regipy
Regipy is an os independent python library for parsing offline registry hives
☆240Updated 2 weeks ago
Related projects: ⓘ
- YARA malware query accelerator (web frontend)☆407Updated this week
- An NTFS/FAT parser for digital forensics & incident response☆189Updated last year
- ☆293Updated 4 years ago
- Tool suite for inspecting NTFS artifacts.☆213Updated 10 months ago
- A modern Python-3-based alternative to RegRipper☆184Updated 11 months ago
- ☆271Updated last year
- An AFF4 C++ implementation.☆187Updated last year
- A VBA parser and emulation engine to analyze malicious macros.☆90Updated this week
- "Evolving AppCompat/AmCache data analysis beyond grep"☆192Updated 3 years ago
- The Volatility Collaborative GUI☆217Updated last week
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆180Updated 4 years ago
- Get all my software☆135Updated last week
- Set of Yara rules for finding files using magics headers☆134Updated 4 years ago
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆360Updated 2 years ago
- IOC from articles, tweets for archives☆310Updated 9 months ago
- DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted …☆293Updated 3 months ago
- Yet another registry parser☆128Updated 2 years ago
- This is a set of tools for doing forensics analysis on Microsoft ESE databases.☆123Updated 2 years ago
- A framework for orchestrating forensic collection, processing and data export☆290Updated this week
- 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system☆264Updated 10 months ago
- ATT&CK Remote Threat Hunting Incident Response☆196Updated 5 years ago
- User guide of MISP☆254Updated 11 months ago
- Misc Threat Hunting Resources☆368Updated last year
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …☆139Updated 2 months ago
- Pure Python parser for Windows Registry hives.☆425Updated 8 months ago
- C# based evtx parser with lots of extras☆266Updated 2 weeks ago
- Scripts to facilitate filtering with Plaso☆124Updated 4 years ago
- Command line access to the Registry☆123Updated 2 weeks ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆416Updated 3 years ago
- ☆167Updated 2 months ago