tribalchicken / volatility-bitlocker
Volatility plugin to extract BitLocker Full Volume Encryption Keys (FVEK)
☆65 Updated 3 years ago
Alternatives and similar repositories for volatility-bitlocker:
Users that are interested in volatility-bitlocker are comparing it to the libraries listed below
- Volatility plugin to retrieve the Full Volume Encryption Key in memory. The FVEK can then be used with the help of Dislocker to mount the… ☆43 Updated 5 years ago
- volatility explorer ☆91 Updated 4 years ago
- Comae Hibernation File Decompressor ☆146 Updated last year
- Volatility3 plugins developed and maintained by the community ☆51 Updated 2 years ago
- An advanced memory forensics framework ☆94 Updated 5 years ago
- Carve files for MFT entries (e.g. blkls output or memory dumps). Recovers filenames (long & short), timestamps ($STD & $FN) and data if re… ☆21 Updated 5 years ago
- ☆23 Updated 11 months ago
- ☆54 Updated 5 months ago
- ☆18 Updated 2 years ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research ☆53 Updated 7 years ago
- Python implementation of LZNT1 compression/decompression ☆64 Updated 5 years ago
- Volatility Plugins ☆61 Updated last year
- Windows DPAPI laboratory ☆90 Updated 7 years ago
- Google Chrome internals analysis using Volatility ☆42 Updated 2 years ago
- Telsy CTI Research Team ☆57 Updated 4 years ago
- NTFS parser, plus linking capabilities between MFT LogFile and UsnJrnl ☆37 Updated 8 years ago
- Windows Event Log Knowledge Base ☆23 Updated 5 months ago
- Tracking APT IOCs ☆25 Updated 4 years ago
- Generate YARA rules for OOXML documents. ☆38 Updated last year
- Dynamic PowerShell Analysis Framework Based Upon PowerShell Debugging Functionality ☆83 Updated 2 years ago
- YARI is an interactive debugger for YARA Language. ☆88 Updated 2 months ago
- Windows link file (shortcuts) examiner ☆68 Updated 9 months ago
- ☆19 Updated 2 months ago
- Collection of tips, tools, arsenal and techniques I've learned during RE and other CyberSecStuff ☆54 Updated last month
- A modified version based on Tracecorn ☆20 Updated 5 years ago
- TA505 unpacker Python 2.7 ☆47 Updated 4 years ago
- Smart DLL execution for malware analysis in sandbox systems ☆143 Updated 10 years ago
- Windows symbol tables for Volatility 3 ☆81 Updated 8 months ago
- Volatility Symbol Generator for Linux Kernels ☆34 Updated last year
- Extract compressed memory pages from page-aligned data ☆44 Updated 6 years ago