tribalchicken / volatility-bitlocker

Related projects ⓘ

Alternatives and complementary repositories for volatility-bitlocker

• breppo / Volatility-BitLocker
  Volatility plugin to retrieve the Full Volume Encryption Key in memory. The FVEK can then be used with the help of Dislocker to mount the…
  ☆35Updated 4 years ago
• MagnetForensics / Hibr2Bin
  Comae Hibernation File Decompressor
  ☆141Updated last year
• mandiant / win10_volatility
  An advanced memory forensics framework
  ☆92Updated 5 years ago
• memoryforensics1 / VolExp
  volatility explorer
  ☆90Updated 4 years ago
• Paul-Tew / lifer
  Windows link file (shortcuts) examiner
  ☆67Updated 5 months ago
• ufrisk / MemProcFS-plugins
  ☆55Updated last month
• Dump-GUY / ghidra_scripts
  ☆66Updated last year
• msuhanov / winmem_decompress
  Extract compressed memory pages from page-aligned data
  ☆41Updated 6 years ago
• dfirfpi / dpapilab
  Windows DPAPI laboratory
  ☆86Updated 6 years ago
• ernw / quarantine-formats
  Documentation and parsers for different anti-virus quarantine formats.
  ☆41Updated 3 years ago
• you0708 / lznt1
  Python implementation of LZNT1 compression/decompression
  ☆61Updated 4 years ago
• Wenzel / osw-fs-windows
  A git history of Windows filesystems
  ☆76Updated 4 years ago
• elceef / bitlocker
  Volatility Framework plugin for extracting BitLocker FVEK (Full Volume Encryption Key)
  ☆222Updated 8 years ago
• blacknbunny / peanalyzer
  Advanced Portable Executable File Analyzer And Disassembler 32 & 64 Bit
  ☆99Updated 5 years ago
• monnappa22 / Psinfo
  Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process E…
  ☆36Updated 8 years ago
• SafeBreach-Labs / BITSInject
  A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service), allowing arbitrary program execution as th…
  ☆98Updated 5 years ago
• cyb3rfox / MFTEntryCarver
  Carve files for MFT entries (eg. blkls output or memory dumps). Recovers filenames (long & short), timestamps ($STD & $FN) and data if re…
  ☆21Updated 5 years ago
• ANSSI-FR / bootcode_parser
  A boot record parser that identifies known good signatures for MBR, VBR and IPL.
  ☆97Updated 6 years ago
• GDATAAdvancedAnalytics / winreg-tasks
  ☆14Updated 2 years ago
• volatilityfoundation / community3
  Volatility3 plugins developed and maintained by the community
  ☆45Updated last year
• Big5-sec / SourceFu
  hopefully a source-to-source deobfuscator, aiming at deobfuscating common scripts languages such as Powershell, VBA and Javascript. Curre…
  ☆40Updated 5 years ago
• b1ack0wl / DVRF
  The Damn Vulnerable Router Firmware Project
  ☆30Updated 6 years ago
• cube0x8 / ChromeRagamuffin
  Google Chrome internals analysis using Volatility
  ☆41Updated 2 years ago
• JPCERTCC / Windows-Symbol-Tables
  Windows symbol tables for Volatility 3
  ☆73Updated 4 months ago
• ohjeongwook / ShellCodeEmulator
  Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment
  ☆117Updated 4 years ago
• milkdevil / UltimateAppLockerByPassList
  ☆57Updated 3 years ago
• jschicht / UsnJrnl2Csv
  Parser for $UsnJrnl on NTFS
  ☆108Updated last year
• mnrkbys / vss_carver
  Carves and recreates VSS catalog and store from Windows disk image.
  ☆96Updated last year
• kevoreilly / CAPE
  Malware Configuration And Payload Extraction
  ☆18Updated 4 years ago
• msuhanov / dfir_ntfs
  An NTFS/FAT parser for digital forensics & incident response
  ☆191Updated 2 weeks ago