msuhanov / regf
Windows registry file format specification
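As an added example, not code from the msuhanov/regf specification or from this page: a minimal Python parser for the regf base block and the hive-bin headers that follow it, covering the checks a forensic analyst performs before trusting a hive. It validates the `regf` signature, recomputes the XOR-32 checksum over the first 508 bytes (with the format's two reserved results remapped), compares the primary and secondary sequence numbers to flag a dirty hive whose transaction logs must be replayed, and walks the `hbin` headers verifying their self-reported offsets and 4 KiB-multiple sizes. The hive it parses is constructed inside the code by the hypothetical `build_sample_hive` helper; the sample file name, timestamp and version values are arbitrary, while the field offsets are those of the regf base block.

```python
# Added example (not the msuhanov/regf project's own code): parse a regf base block and
# hive-bin headers, check integrity, and detect a dirty hive.
import struct

BASE_BLOCK_SIZE = 4096       # the base block occupies the first 4096 bytes of a hive file
HBIN_HEADER_SIZE = 32        # every hive bin starts with a 32-byte header
CHECKSUM_OFFSET = 508        # DWORD at the end of the checksummed region


def base_block_checksum(block: bytes) -> int:
    """XOR of the 127 little-endian DWORDs at offsets 0..507.

    The format reserves two results: an all-ones XOR is stored as 0xFFFFFFFE and a
    zero XOR is stored as 1.
    """
    x = 0
    for (dword,) in struct.iter_unpack("<I", block[:CHECKSUM_OFFSET]):
        x ^= dword
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if x == 0:
        return 1
    return x


def parse_base_block(data: bytes) -> dict:
    """Decode the fixed header fields and report the integrity and dirtiness checks."""
    if len(data) < BASE_BLOCK_SIZE:
        raise ValueError("file is shorter than the 4096-byte base block")
    block = data[:BASE_BLOCK_SIZE]
    if block[:4] != b"regf":
        raise ValueError("bad signature %r, not a regf hive" % block[:4])
    (primary_seq, secondary_seq, timestamp, major, minor, file_type, file_format,
     root_cell_offset, hbins_size, clustering_factor) = struct.unpack_from("<IIQIIIIIII", block, 4)
    # Offset 48: 64 bytes of UTF-16LE file name, NUL padded.
    file_name = block[48:48 + 64].decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    stored_checksum = struct.unpack_from("<I", block, CHECKSUM_OFFSET)[0]
    return {
        "primary_sequence": primary_seq,
        "secondary_sequence": secondary_seq,
        "last_written_filetime": timestamp,
        "version": (major, minor),
        "file_type": file_type,
        "file_format": file_format,
        "root_cell_offset": root_cell_offset,   # relative to the start of hive bins data
        "hive_bins_size": hbins_size,
        "clustering_factor": clustering_factor,
        "file_name": file_name,
        "checksum_ok": stored_checksum == base_block_checksum(block),
        # Mismatched sequence numbers mean the last write did not complete: the hive is
        # dirty and its transaction logs must be replayed before the contents are trusted.
        "dirty": primary_seq != secondary_seq,
    }


def iter_hive_bins(data: bytes, hbins_size: int):
    """Walk the hive-bin headers that follow the base block, validating each one."""
    pos = BASE_BLOCK_SIZE
    end = BASE_BLOCK_SIZE + hbins_size
    while pos + HBIN_HEADER_SIZE <= end:
        if data[pos:pos + 4] != b"hbin":
            raise ValueError("missing hbin signature at file offset %d" % pos)
        rel_offset, size = struct.unpack_from("<II", data, pos + 4)
        if rel_offset != pos - BASE_BLOCK_SIZE:
            raise ValueError("hbin at %d claims relative offset %d" % (pos, rel_offset))
        if size == 0 or size % 4096 != 0 or pos + size > end:
            raise ValueError("hbin at %d has implausible size %d" % (pos, size))
        yield rel_offset, size
        pos += size


def build_sample_hive(primary_seq: int, secondary_seq: int) -> bytes:
    """Constructed sample data (hypothetical helper): a base block plus one empty hive bin."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[0:4] = b"regf"
    struct.pack_into("<IIQIIIIIII", block, 4,
                     primary_seq, secondary_seq,
                     0x01D9F6A012345678,   # arbitrary FILETIME, sample value only
                     1, 5,                 # major/minor version 1.5
                     0,                    # file type 0 = primary file
                     1,                    # file format 1 = direct memory load
                     HBIN_HEADER_SIZE,     # root cell right after the first hbin header
                     4096,                 # hive bins data size
                     1)                    # clustering factor
    name = "SAMPLE".encode("utf-16-le")    # invented file name for the sample
    block[48:48 + len(name)] = name
    struct.pack_into("<I", block, CHECKSUM_OFFSET, base_block_checksum(bytes(block)))
    hbin = bytearray(4096)
    hbin[0:4] = b"hbin"
    struct.pack_into("<II", hbin, 4, 0, 4096)   # relative offset 0, size 4096
    return bytes(block) + bytes(hbin)


if __name__ == "__main__":
    info = parse_base_block(build_sample_hive(7, 7))
    print(info["file_name"], info["version"],
          "dirty" if info["dirty"] else "clean",
          "checksum ok" if info["checksum_ok"] else "checksum BAD")
```

On a real hive, call `parse_base_block` on the file contents and refuse to walk cells when `checksum_ok` is false or `dirty` is true; a dirty primary file should first be reconciled with its transaction logs, otherwise the hive bins may reflect an interrupted write.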
Related projects:
- Windows Registry Knowledge Base
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions
- Library and tools to access the Windows XML Event Log (EVTX) format
- Tool suite for inspecting NTFS artifacts.
- Yet another library library (and tools)
- View ETW Provider manifest
- Incident Response & Digital Forensics Debugging Extension
- Portable Executable parsing library (from PE-bear)
- Full featured, offline Registry parser in C#
- Library and tools to access the Windows New Technology File System (NTFS)
- FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis
- zer0m0n driver for cuckoo sandbox
- ETW Python Library
- Lnk Explorer Command line edition!!
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.
- Source code for File Test - Interactive File System Test Tool
- RpcView is a free tool to explore and decompile Microsoft RPC interfaces
- Dynamic unpacker based on PE-sieve
- dump windows PE files using ruby
- Parser for $LogFile on NTFS
- An NTFS/FAT parser for digital forensics & incident response
- Library and tools to access the Windows Prefetch File (SCCA) format.
- Live hunting of code injection techniques
- Document ETW providers
- A YARA-integrated process denial framework for Windows
- Quickly debug shellcode extracted during malware analysis
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
- Commandline low level file extractor for NTFS
- This project aims at simplifying Windows API import recovery on arbitrary memory dumps