☆62Oct 12, 2024Updated last year
Alternatives and similar repositories for MemProcFS-plugins
Users that are interested in MemProcFS-plugins are comparing it to the libraries listed below
Sorting:
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- Parser for Sdba memory pool tags☆21Jul 16, 2021Updated 4 years ago
- Python web app for previewing data in a Chrome Profile Folder☆23Jul 1, 2024Updated last year
- ☆21May 8, 2022Updated 3 years ago
- Parser fo macOS/iOS FSEvents Logs☆43May 6, 2024Updated last year
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆12Aug 26, 2024Updated last year
- Queries for parsed spotlight database in sqlite☆13Dec 29, 2020Updated 5 years ago
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.☆21Mar 12, 2019Updated 6 years ago
- Documentation repository☆47Feb 11, 2026Updated 2 weeks ago
- Windows symbol tables for Volatility 3☆93Jul 11, 2024Updated last year
- ☆24Mar 12, 2025Updated 11 months ago
- A modified fork of Be.HexEditor for use in debug tools☆15Jan 5, 2022Updated 4 years ago
- ☆51Nov 25, 2025Updated 3 months ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆55Jul 2, 2023Updated 2 years ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.☆107Nov 23, 2022Updated 3 years ago
- Linux Baseline and Forensic Triage Tool - BETA☆57Sep 8, 2022Updated 3 years ago
- Evtx Log (xml) Browser☆56Mar 12, 2023Updated 2 years ago
- ☆12Jun 3, 2022Updated 3 years ago
- ☆38Aug 27, 2021Updated 4 years ago
- A Windows Event Log MCP☆40Aug 25, 2025Updated 6 months ago
- Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's☆64Dec 18, 2024Updated last year
- Carve file metadata from NTFS index ($I30) attributes☆71Feb 3, 2024Updated 2 years ago
- StickyParser - Sticky Notes Forensic. A Windows Sticky Notes Praser (snt and plum.sqlite supported). Additional Feature: SQLite Recovery …☆20Jul 18, 2023Updated 2 years ago
- A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!☆17Aug 31, 2024Updated last year
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆43Jul 18, 2022Updated 3 years ago
- Parse Microsoft shim databases☆32Jan 8, 2025Updated last year
- Windows Forensics Salt States☆21Feb 19, 2026Updated last week
- ☆17Jan 21, 2026Updated last month
- http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html☆127Jul 20, 2024Updated last year
- Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.☆32Nov 23, 2025Updated 3 months ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆68Sep 13, 2023Updated 2 years ago
- Get USB Devices from Registry hives☆22Nov 15, 2021Updated 4 years ago
- Digital Forensic Investigative Scripts☆87Feb 6, 2026Updated 3 weeks ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆253Oct 29, 2025Updated 4 months ago
- ☆33Dec 4, 2022Updated 3 years ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆45May 12, 2021Updated 4 years ago
- Yet another registry parser☆138Apr 15, 2022Updated 3 years ago
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser☆44Feb 21, 2026Updated last week