williballenthin / EVTXtractLinks
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
☆196Updated 5 months ago
Alternatives and similar repositories for EVTXtract
Users that are interested in EVTXtract are comparing it to the libraries listed below
Sorting:
- ☆303Updated 5 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆119Updated last year
- A modern Python-3-based alternative to RegRipper☆196Updated 4 months ago
- Tools from WFA 4/e, timeline tools, etc.☆141Updated last year
- ☆278Updated 2 years ago
- Yet another registry parser☆133Updated 3 years ago
- "Evolving AppCompat/AmCache data analysis beyond grep"☆205Updated 3 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch.☆118Updated 4 years ago
- Page File analysis tools.☆128Updated 9 years ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 4 years ago
- Python script for extracting USB information from Windows registry hives☆128Updated 6 years ago
- Autoruns plugin for the Volatility framework☆122Updated 6 years ago
- Tool suite for inspecting NTFS artifacts.☆224Updated last year
- Invoke-LiveResponse☆149Updated 3 years ago
- Set of Yara rules for finding files using magics headers☆139Updated 4 years ago
- Python script to decode common encoded PowerShell scripts☆216Updated 7 years ago
- A VBA parser and emulation engine to analyze malicious macros.☆96Updated last week
- Dump of organized knowledge on DFIR☆135Updated 3 years ago
- Tools for DFIR☆120Updated 7 years ago
- PE Import Hash Generator☆81Updated 8 years ago
- Volatility plugins created by the author☆44Updated 9 years ago
- A rewrite of mactime, a bodyfile reader☆40Updated last year
- Lazy Office Analyzer☆122Updated 8 years ago
- Parser for Windows PowerShell script block logs☆99Updated last year
- A better strings utility!☆136Updated 2 months ago
- Windows Live Artifacts Acquisition Script☆189Updated 3 years ago
- ☆82Updated 9 years ago
- Reconstruct process trees from event logs☆147Updated 5 years ago
- PowerShell No Agent Hunting☆110Updated 7 years ago
- Repository containing IOCs, CSV and MISP JSON from our blogs☆81Updated 4 years ago