☆13Apr 6, 2016Updated 9 years ago
Alternatives and similar repositories for pyetw
Users that are interested in pyetw are comparing it to the libraries listed below
Sorting:
- Binary commandline executable to parse ETL files☆69Jun 7, 2018Updated 7 years ago
- NTFS samples☆27Aug 1, 2020Updated 5 years ago
- Decoders for 7ev3n ransomware☆17Oct 24, 2016Updated 9 years ago
- A command line tool that sends its input data to a running procmon instance.☆15Feb 24, 2017Updated 9 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.�☆12Dec 28, 2021Updated 4 years ago
- LNK to JSON☆14Mar 7, 2019Updated 7 years ago
- Extract Authenticode signature data from PE format file☆18Nov 17, 2019Updated 6 years ago
- A set of commands to bypass Defender (and some other AVs)☆20Jul 25, 2019Updated 6 years ago
- A pointer scanner for Windows written in Rust☆19Dec 18, 2025Updated 2 months ago
- MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.☆20Feb 20, 2020Updated 6 years ago
- Recover EXT filesystem info from carved directory blocks☆19Jun 23, 2017Updated 8 years ago
- Fix acquired .evt - Windows Event Log files (Forensics)☆18Mar 29, 2016Updated 9 years ago
- Manage Your Large Team of Consultants☆11Sep 18, 2025Updated 5 months ago
- Synopsis is a tool to aid analysts reviewing browser history files by providing a high-level “synopsis” of key information.☆23Oct 31, 2018Updated 7 years ago
- General repository for compiled and uncompiled EnCase EnScripts☆46Mar 11, 2021Updated 4 years ago
- r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems☆28Aug 6, 2018Updated 7 years ago
- Containerized IDA Pro (Windows/Wine), DEPRECIATED, please use https://github.com/NyaMisty/docker-wine-ida☆26Nov 23, 2017Updated 8 years ago
- A simple many-rules to many-files YARA scanner for incident response or malware zoos.☆27Jun 3, 2018Updated 7 years ago
- findLoop - find possible encryption/decryption or compression/decompression code☆28Mar 30, 2019Updated 6 years ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆24Jul 9, 2021Updated 4 years ago
- ☆31Aug 26, 2015Updated 10 years ago
- ☆23May 19, 2019Updated 6 years ago
- penter hook example and driver time recorder☆31Oct 2, 2017Updated 8 years ago
- Parse Microsoft shim databases☆32Jan 8, 2025Updated last year
- AFF4 Standard Documents☆29Feb 4, 2022Updated 4 years ago
- Simple driver to register all available process, thread, image, Registry, and Object callbacks☆124Oct 5, 2017Updated 8 years ago
- Parses the WMI object database....looking for persistence☆34Dec 12, 2019Updated 6 years ago
- Golang port of PEFile☆31Jul 23, 2020Updated 5 years ago
- A document tagging library☆33Mar 27, 2025Updated 11 months ago
- Handy scripts to speed up malware analysis☆34Oct 3, 2023Updated 2 years ago
- prpl QEMU PEG☆13Apr 25, 2016Updated 9 years ago
- Go Lang Portable Executable Parser☆39Mar 31, 2021Updated 4 years ago
- C++ wrapper for YARA.☆45Jan 27, 2020Updated 6 years ago
- IDAPro scripts/plugins☆93Feb 26, 2019Updated 7 years ago
- Extract compressed memory pages from page-aligned data☆47Sep 25, 2018Updated 7 years ago
- Windows x64 Process Scanner to detect application compatability shims☆37Oct 17, 2018Updated 7 years ago
- MFT Fast Transcoder is a fast forensic tool to analyze MFT of NTFS partitions.☆12Feb 27, 2023Updated 3 years ago
- A clone of FD (File & Directory tool) by T.Shirai☆16Jan 29, 2014Updated 12 years ago
- Minimal C port of UTF8-CPP☆12Jun 2, 2019Updated 6 years ago