tribalchicken / volatility-bitlocker
Volatility plugin to extract BitLocker Full Volume Encryption Keys (FVEK)
☆66 · Updated 3 years ago
Alternatives and similar repositories for volatility-bitlocker
Users that are interested in volatility-bitlocker are comparing it to the libraries listed below
- Comae Hibernation File Decompressor ☆150 · Updated 2 years ago
- volatility explorer ☆91 · Updated 4 years ago
- An advanced memory forensics framework ☆94 · Updated 5 years ago
- Volatility plugin to retrieve the Full Volume Encryption Key in memory. The FVEK can then be used with the help of Dislocker to mount the… ☆50 · Updated 5 years ago
- Volatility3 plugins developed and maintained by the community ☆58 · Updated 2 years ago
- Extract compressed memory pages from page-aligned data ☆45 · Updated 6 years ago
- Fork of aeskeyfind that knows more formats of AES key schedule ☆65 · Updated 8 years ago
- Google Chrome internals analysis using Volatility ☆42 · Updated 2 years ago
- Windows link file (shortcuts) examiner ☆68 · Updated last year
- Transfer EIP control to shellcode during malware analysis investigation ☆75 · Updated 10 years ago
- PoC for hiding data within $MFT ☆12 · Updated 10 years ago
- Parses the WMI object database....looking for persistence ☆32 · Updated 5 years ago
- Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process E… ☆36 · Updated 8 years ago
- Library and tools to access the Windows Prefetch File (SCCA) format. ☆75 · Updated 5 months ago
- NTFS parser, plus linking capabilities between MFT LogFile and UsnJrnl ☆37 · Updated 8 years ago
- Capa analysis importer for Ghidra. ☆61 · Updated 4 years ago
- Collection of tips, tools, arsenal and techniques I've learned during RE and other CyberSecStuff ☆54 · Updated 4 months ago
- A modified version based on Tracecorn ☆20 · Updated 5 years ago
- Volatility Plugins ☆63 · Updated last year
- Dynamic PowerShell Analysis Framework Based Upon PowerShell Debugging Functionality ☆83 · Updated 2 years ago
- ☆56 · Updated 8 months ago
- Steezy - Ghetto Yara Generation ☆15 · Updated 2 years ago
- Handy scripts to speed up malware analysis ☆35 · Updated last year
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10. ☆113 · Updated 5 months ago
- Script that checks for available updates for the most commonly used Digital Forensics tools ☆59 · Updated 4 years ago
- Windows Shortcut file (LNK) parser ☆135 · Updated 2 years ago
- Carve files for MFT entries (eg. blkls output or memory dumps). Recovers filenames (long & short), timestamps ($STD & $FN) and data if re… ☆21 · Updated 6 years ago
- ☆19 · Updated last month
- Radare2 Metadata Extraction to Elasticsearch ☆23 · Updated last year
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect … ☆137 · Updated 2 years ago