omerbenamram / winstructs
Parsers for common structures across windows formats.
☆12Updated last year
Related projects ⓘ
Alternatives and complementary repositories for winstructs
- lnk_parser is a full rust implementation to parse windows LNK files☆16Updated last year
- Wrapper for TSK (Sleuth Kit) Bindings☆11Updated last year
- Manage Your Large Team of Consultants☆12Updated 4 months ago
- ☆31Updated 2 years ago
- Windows file metadata / forensic tool.☆15Updated 2 months ago
- Hundred Days of Yara Challenge☆12Updated 2 years ago
- ☆19Updated last year
- USN to JSON☆22Updated 4 years ago
- LNK to JSON☆14Updated 5 years ago
- NTFS file system specimens☆14Updated last year
- Windows Thingies... but in Rust☆23Updated 2 years ago
- This is a repo for fetching Applocker event log by parsing the win-event log☆30Updated 2 years ago
- ☆34Updated last year
- Windows registry samples☆23Updated 6 years ago
- A Windows registry file parser written in Rust☆36Updated last year
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office☆34Updated last year
- Publicly shareable windows event log message data☆27Updated 4 years ago
- Go implementation of an Extensible Storage Engine parser☆27Updated 2 months ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆10Updated 2 months ago
- Just Another broken Registry Parser (JARP)☆16Updated 5 months ago
- A pure PowerShell/ .NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.☆13Updated 3 years ago
- A golang implementation of a prefetch parser.☆19Updated 2 months ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆35Updated last year
- Splunk Technology-AddOn for Aurora Sigma-Based EDR Agent. It helps parse and configure the necessary inputs to neatly consume Aurora EDR …☆13Updated 2 years ago
- ☆10Updated last year
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.☆15Updated last year
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365☆20Updated last month
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV☆15Updated 2 months ago
- USN Journal full path builder☆36Updated 2 months ago
- Google Filestream Forensic Tool☆16Updated 2 years ago