theflakes / fmd
Windows file metadata / forensic tool.
☆18Updated 6 months ago
Alternatives and similar repositories for fmd:
Users that are interested in fmd are comparing it to the libraries listed below
- Just Another broken Registry Parser (JARP)☆16Updated 10 months ago
- Jupyter Notebooks for Cyber Threat Intelligence☆36Updated last year
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆39Updated 2 years ago
- ☆20Updated last week
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆76Updated last year
- ☆18Updated 2 years ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆52Updated last year
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆23Updated 3 years ago
- Yara rules☆21Updated last year
- Quick ESXi Log Parser☆16Updated 2 months ago
- Logbook for Digital Forensics and Incident Response☆50Updated 8 months ago
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆58Updated 2 years ago
- A Windows registry file parser written in Rust☆37Updated last year
- ☆34Updated 2 years ago
- ☆33Updated 5 months ago
- Publicly shareable windows event log message data☆27Updated 5 years ago
- ☆33Updated 3 years ago
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office☆35Updated 2 years ago
- An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.☆21Updated 2 years ago
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.☆20Updated 3 years ago
- ☆19Updated 2 months ago
- Scripts and lists to help generate YARA friendly string mutations☆21Updated last year
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆64Updated 2 years ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365☆20Updated 5 months ago
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.☆26Updated 2 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆36Updated last year
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated last month
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆55Updated last month
- Carve file metadata from NTFS index ($I30) attributes☆63Updated last year
- Plugins for parsing CSV files in Timeline Explorer. This project allows for anyone to add more supported files (i,e. they get a Line #/ta…☆22Updated 2 weeks ago