omerbenamram / winstructs
Parsers for common structures across windows formats.
☆12Updated last year
Related projects ⓘ
Alternatives and complementary repositories for winstructs
- lnk_parser is a full rust implementation to parse windows LNK files☆16Updated last year
- Manage Your Large Team of Consultants☆12Updated 3 months ago
- Wrapper for TSK (Sleuth Kit) Bindings☆11Updated last year
- Windows file metadata / forensic tool.☆15Updated last month
- USN to JSON☆22Updated 4 years ago
- ☆19Updated last year
- Just Another broken Registry Parser (JARP)☆16Updated 5 months ago
- A Windows registry file parser written in Rust☆36Updated last year
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.☆14Updated last year
- Windows Thingies... but in Rust☆23Updated 2 years ago
- A pure PowerShell/ .NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.☆13Updated 3 years ago
- ☆10Updated 11 months ago
- Plugins for parsing CSV files in Timeline Explorer. This project allows for anyone to add more supported files (i,e. they get a Line #/ta…☆22Updated last week
- Hundred Days of Yara Challenge☆12Updated 2 years ago
- ☆31Updated 2 years ago
- USN Journal full path builder☆36Updated last month
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆10Updated 2 months ago
- ☆34Updated last year
- CryptnetURLCacheParser is a tool to parse CryptAPI cache files☆16Updated 3 months ago
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV☆15Updated 2 months ago
- Google Filestream Forensic Tool☆16Updated 2 years ago
- NTFS file system specimens☆14Updated last year
- A document tagging library☆29Updated last year
- This is a repo for fetching Applocker event log by parsing the win-event log☆30Updated 2 years ago
- ESXi Cyber Security Incident Response Script☆20Updated 2 months ago
- Parser for Sdba memory pool tags☆17Updated 3 years ago
- volatility-runner is a command line application designed to speed up memory forensics using the volatility framework, primarily for insta…☆11Updated 5 years ago
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.☆25Updated 2 years ago
- ☆19Updated 2 months ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆35Updated last year