sumeshi / ntfsdump

Related projects ⓘ

Alternatives and complementary repositories for ntfsdump

• libyal / winevt-kb
  Windows Event Log Knowledge Base
  ☆18Updated last month
• ydkhatri / macOS_FE
  Tools for macOS Forensic Bootable media
  ☆15Updated 4 years ago
• sumeshi / ntfsfind
  An efficient tool for search files, directories, and alternate data streams directly from NTFS image files.
  ☆22Updated 9 months ago
• williballenthin / wevt_template
  extract and parse WEVT_TEMPLATEs from PE files
  ☆18Updated 10 months ago
• mandiant / win10_rekall
  Rekall Memory Forensic Framework
  ☆29Updated 5 years ago
• repnz / windows-imports-searcher
  Support Windows OS Reversing by searching easily for references to functions across many DLLs
  ☆33Updated 2 years ago
• connormcgarr / Presentations
  ☆26Updated 3 weeks ago
• airbus-cert / etwbreaker
  An IDA plugin to deal with Event Tracing for Windows (ETW)
  ☆50Updated 2 years ago
• mandiant / win10_auto
  ☆24Updated 5 years ago
• Dump-GUY / Invoke-DetectItEasy
  Invoke-DetectItEasy is a wrapper for excelent tool called Detect-It-Easy. This PS module is very useful for Threat Hunting and Forensics.
  ☆23Updated 2 years ago
• packing-box / bintropy
  Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes
  ☆42Updated 9 months ago
• EricZimmerman / SDB
  Parse Microsoft shim databases
  ☆29Updated 2 months ago
• eset / vulnerability-disclosures
  Repository of vulnerabilities disclosed by ESET
  ☆27Updated 2 years ago
• ch3rn0byl / WinDbg-Extensions
  ☆17Updated 3 years ago
• Harvester57 / CodeIntegrity-DriverBlocklist
  ☆20Updated 2 months ago
• tyranid / DumpReparsePoints
  This is a simple tool to dump all the reparse points on an NTFS volume.
  ☆31Updated 4 years ago
• hasherezade / pe_utils
  A set of small utilities, helpers for PIN tracers
  ☆31Updated last year
• sumeshi / mft2es
  A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.
  ☆11Updated 6 months ago
• hasherezade / pin_n_sieve
  An experimental dynamic malware unpacker based on Intel Pin and PE-sieve
  ☆57Updated 3 months ago
• mauronz / binja-emotet
  ☆18Updated 4 years ago
• c3rb3ru5d3d53c / karton-unpacker
  A modular Karton Framework service that unpacks common packers like UPX and others using the Qiling Framework.
  ☆51Updated 3 years ago
• dr-anoroc / rawccopy
  Command line utility for copying files on NTFS using low level disk access
  ☆32Updated 8 months ago
• woanware / reg-entropy-scanner
  Scans through registry hives outputting entropy values for key/values, dumps binary contents to files...we are looking for those "fileles…
  ☆11Updated 5 years ago
• ufrisk / MemProcFS-plugins
  ☆55Updated last month
• airbus-cert / ttd2mdmp
  Extract data of TTD trace file to a minidump
  ☆28Updated last year
• Dump-GUY / Python3---Binary-Data-Manipulation
  Python 3 - Manipulation and conversation with different data type (Bytes operations)
  ☆27Updated 2 years ago
• skelsec / aiowinreg
  Registry hive parsing the async way
  ☆19Updated 2 months ago
• DebugPrivilege / WindowsAP1
  Code samples that serve as references for Windows API functions
  ☆12Updated 5 months ago
• herosi / triage-collector
  ☆21Updated last month
• am0nsec / masm64
  Collection of structures, prototype and examples for Microsoft Macro Assembler (MASM) x64.
  ☆16Updated 4 years ago