tribalchicken / volatility-bitlocker
Volatility plugin to extract BitLocker Full Volume Encryption Keys (FVEK)
☆65 Updated 3 years ago
Alternatives and similar repositories for volatility-bitlocker:
Users that are interested in volatility-bitlocker are comparing it to the libraries listed below
- Volatility plugin to retrieve the Full Volume Encryption Key in memory. The FVEK can then be used with the help of Dislocker to mount the… ☆45 Updated 5 years ago
- Comae Hibernation File Decompressor ☆148 Updated 2 years ago
- volatility explorer ☆91 Updated 4 years ago
- An advanced memory forensics framework ☆95 Updated 5 years ago
- Autopsy Module to analyze Registry Hives ☆15 Updated 3 years ago
- ☆23 Updated last year
- Set of tools to analyze Tinynuke samples ☆15 Updated 3 years ago
- Breaking the security of Microsoft's RMS ☆54 Updated 5 years ago
- Windows link file (shortcuts) examiner ☆68 Updated 10 months ago
- Windows symbol tables for Volatility 3 ☆83 Updated 9 months ago
- Google Chrome internals analysis using Volatility ☆42 Updated 2 years ago
- YARI is an interactive debugger for YARA Language. ☆88 Updated 3 months ago
- Dynamic PowerShell Analysis Framework Based Upon PowerShell Debugging Functionality ☆83 Updated 2 years ago
- Telsy CTI Research Team ☆57 Updated 4 years ago
- Fork of aeskeyfind that knows more formats of AES key schedule ☆64 Updated 7 years ago
- Tool to decompress data from Windows 10 page files and memory dumps, that has been compressed by the Windows 10 memory manager. ☆50 Updated 6 years ago
- Python implementation of LZNT1 compression/decompression ☆64 Updated 5 years ago
- Extract compressed memory pages from page-aligned data ☆45 Updated 6 years ago
- ConventionEngine - A Yara Rulepack for PDB Path Hunting ☆38 Updated 2 years ago
- A multi-threaded malware sample downloader based upon given MD-5/SHA-1/SHA-256 hashes, using multiple malware databases. ☆30 Updated 2 years ago
- Volatility3 plugins developed and maintained by the community ☆51 Updated 2 years ago
- NTFS parser, plus linking capabilities between MFT LogFile and UsnJrnl ☆37 Updated 8 years ago
- ☆19 Updated 2 months ago
- Parser for $UsnJrnl on NTFS ☆110 Updated 2 years ago
- Rekall Memory Forensic Framework ☆32 Updated 5 years ago
- An NTFS/FAT parser for digital forensics & incident response ☆203 Updated 5 months ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research ☆53 Updated 7 years ago
- Library and tools to access the Windows Prefetch File (SCCA) format. ☆73 Updated 3 months ago
- Transfer EIP control to shellcode during malware analysis investigation ☆75 Updated 10 years ago
- ☆23 Updated 5 years ago