sumeshi / ntfsdump
An efficient tool for extracting files, directories, and alternate data streams directly from NTFS image files.
☆17 · Updated 6 months ago
Related projects:
- An efficient tool for searching files, directories, and alternate data streams directly from NTFS image files. ☆19 · Updated 6 months ago
- Tools for macOS forensic bootable media ☆15 · Updated 4 years ago
- Help deobfuscate VBScript ☆15 · Updated 2 years ago
- Rekall Memory Forensic Framework ☆29 · Updated 5 years ago
- This is a repository for reporting any issues in any of my software ☆11 · Updated 6 years ago
- Collection of structures, prototypes and examples for Microsoft Macro Assembler (MASM) x64. ☆15 · Updated 4 years ago
- Extract and parse WEVT_TEMPLATEs from PE files ☆17 · Updated 8 months ago
- ☆23 · Updated 5 years ago
- NTFS samples ☆24 · Updated 4 years ago
- Windows Event Log Knowledge Base ☆16 · Updated 4 months ago
- An Excel 2007+ Binary Workbook (xlsb) parser for Python ☆19 · Updated 2 years ago
- Parse Microsoft shim databases ☆28 · Updated 2 weeks ago
- Command line utility for copying files on NTFS using low-level disk access ☆32 · Updated 5 months ago
- A library for fast parsing and import of the Windows Master File Table ($MFT) into Elasticsearch. ☆10 · Updated 4 months ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility ☆36 · Updated 2 months ago
- ☆25 · Updated 9 months ago
- Invoke-DetectItEasy is a wrapper for the excellent tool called Detect-It-Easy. This PS module is very useful for threat hunting and forensics. ☆23 · Updated 2 years ago
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve… ☆44 · Updated last year
- Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes ☆38 · Updated 7 months ago
- ☆18 · Updated 3 years ago
- Native Python3 bindings for @horsicq's Detect-It-Easy ☆40 · Updated 2 weeks ago
- AutoIt Analysis Library: Parser & Emulator for Malware Researchers ☆16 · Updated 5 years ago
- ☆14 · Updated 8 months ago
- Scans through registry hives outputting entropy values for keys/values, dumps binary contents to files... we are looking for those "fileles… ☆10 · Updated 5 years ago
- Repository containing malware analysis filters for the Windows Sysinternals Process Monitor tool ☆13 · Updated 3 years ago
- Dump certificates from PE files in different formats ☆36 · Updated 8 months ago
- Collection of tips, tools, arsenal and techniques I've learned during RE and other CyberSecStuff ☆53 · Updated 4 months ago
- An IDA plugin to deal with Event Tracing for Windows (ETW) ☆49 · Updated 2 years ago
- ☆59 · Updated 2 months ago
- xlrd2 is a variant of xlrd that is actively maintained ☆23 · Updated last month