sebmarchand / pyetw
☆13 · Apr 6, 2016 · Updated 9 years ago
Alternatives and similar repositories for pyetw
Users that are interested in pyetw are comparing it to the libraries listed below
- Binary command-line executable to parse ETL files ☆69 · Jun 7, 2018 · Updated 7 years ago
- NTFS samples ☆27 · Aug 1, 2020 · Updated 5 years ago
- A command-line tool that sends its input data to a running procmon instance. ☆15 · Feb 24, 2017 · Updated 8 years ago
- Decoders for 7ev3n ransomware ☆17 · Oct 24, 2016 · Updated 9 years ago
- Registry to JSON. This project is for learning purposes and is not maintained. ☆12 · Dec 28, 2021 · Updated 4 years ago
- LNK to JSON ☆14 · Mar 7, 2019 · Updated 6 years ago
- Extract Authenticode signature data from PE format files ☆18 · Nov 17, 2019 · Updated 6 years ago
- A set of commands to bypass Defender (and some other AVs) ☆20 · Jul 25, 2019 · Updated 6 years ago
- Fix acquired .evt Windows Event Log files (forensics) ☆18 · Mar 29, 2016 · Updated 9 years ago
- Recover EXT filesystem info from carved directory blocks ☆19 · Jun 23, 2017 · Updated 8 years ago
- macOS Incident Response Toolkit. Mostly written while stuck on a NJ Transit train. ☆20 · Feb 20, 2020 · Updated 5 years ago
- Manage Your Large Team of Consultants ☆11 · Sep 18, 2025 · Updated 4 months ago
- Containerized IDA Pro (Windows/Wine), DEPRECATED, please use https://github.com/NyaMisty/docker-wine-ida ☆27 · Nov 23, 2017 · Updated 8 years ago
- r0ak ("roak") is the Ring 0 Army Knife: a command-line utility to read/write/execute in ring zero on Windows 10 systems ☆28 · Aug 6, 2018 · Updated 7 years ago
- A simple many-rules-to-many-files YARA scanner for incident response or malware zoos. ☆27 · Jun 3, 2018 · Updated 7 years ago
- MasterParser is a simple, all-in-one digital forensics artifact parser ☆24 · Jul 9, 2021 · Updated 4 years ago
- findLoop: find possible encryption/decryption or compression/decompression code ☆26 · Mar 30, 2019 · Updated 6 years ago
- (no description) ☆31 · Aug 26, 2015 · Updated 10 years ago
- Carve file metadata from NTFS index ($I30) attributes ☆71 · Feb 3, 2024 · Updated 2 years ago
- AFF4 Standard Documents ☆29 · Feb 4, 2022 · Updated 4 years ago
- penter hook example and driver time recorder ☆31 · Oct 2, 2017 · Updated 8 years ago
- (no description) ☆23 · May 19, 2019 · Updated 6 years ago
- Parse Microsoft shim databases ☆32 · Jan 8, 2025 · Updated last year
- Simple driver to register all available process, thread, image, registry, and object callbacks ☆124 · Oct 5, 2017 · Updated 8 years ago
- A Splunk Technology Add-on to forward filtered ETW events. ☆30 · Oct 14, 2020 · Updated 5 years ago
- Parses the WMI object database, looking for persistence ☆34 · Dec 12, 2019 · Updated 6 years ago
- A document tagging library ☆33 · Mar 27, 2025 · Updated 10 months ago
- Handy scripts to speed up malware analysis ☆35 · Oct 3, 2023 · Updated 2 years ago
- (no description) ☆30 · Nov 8, 2017 · Updated 8 years ago
- prpl QEMU PEG ☆13 · Apr 25, 2016 · Updated 9 years ago
- Go Portable Executable parser ☆39 · Mar 31, 2021 · Updated 4 years ago
- IDA Pro scripts/plugins ☆93 · Feb 26, 2019 · Updated 6 years ago
- Extract compressed memory pages from page-aligned data ☆47 · Sep 25, 2018 · Updated 7 years ago
- C++ wrapper for YARA. ☆45 · Jan 27, 2020 · Updated 6 years ago
- Windows x64 process scanner to detect application compatibility shims ☆37 · Oct 17, 2018 · Updated 7 years ago
- LuxCoreRender Windows Compilation Environment ☆13 · Jun 3, 2024 · Updated last year
- Different DFIR and CTI utilities ☆38 · May 13, 2020 · Updated 5 years ago
- Melo: your personal music hub (remote files, web radio, AirPlay, UPnP, DLNA, ...) ☆10 · Dec 25, 2024 · Updated last year
- Minimal C port of UTF8-CPP ☆12 · Jun 2, 2019 · Updated 6 years ago