williballenthin / EVTXtract
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
☆193Updated 4 years ago
Alternatives and similar repositories for EVTXtract:
Users that are interested in EVTXtract are comparing it to the libraries listed below
- ☆296Updated 4 years ago
- A modern Python-3-based alternative to RegRipper☆190Updated last month
- "Evolving AppCompat/AmCache data analysis beyond grep"☆199Updated 3 years ago
- ☆274Updated last year
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆114Updated 7 months ago
- Yet another registry parser☆130Updated 2 years ago
- Extract common Windows artifacts from source images and VSCs☆66Updated 3 years ago
- Tools from WFA 4/e, timeline tools, etc.☆133Updated 10 months ago
- Dump of organized knowledge on DFIR☆132Updated 3 years ago
- A VBA parser and emulation engine to analyze malicious macros.☆93Updated 2 months ago
- Python script for extracting USB information from Windows registry hives☆126Updated 5 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch.☆115Updated 4 years ago
- Reconstruct process trees from event logs☆146Updated 4 years ago
- Command line access to the Registry☆134Updated this week
- Invoke-LiveResponse☆145Updated 2 years ago
- PowerShell No Agent Hunting☆109Updated 6 years ago
- Page File analysis tools.☆124Updated 9 years ago
- A better strings utility!☆123Updated this week
- Windows Live Artifacts Acquisition Script☆185Updated 2 years ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect …☆131Updated 2 years ago
- ☆347Updated 3 years ago
- ATT&CK Remote Threat Hunting Incident Response☆198Updated last month
- An AFF4 C++ implementation.☆191Updated last year
- ☆82Updated 8 years ago
- Parser for Windows PowerShell script block logs☆94Updated 5 months ago
- Allows you to quickly query a Windows machine for RAM artifacts☆218Updated 4 years ago
- ☆419Updated last year
- Autoruns plugin for the Volatility framework☆118Updated 5 years ago
- Scripts to facilitate filtering with Plaso☆125Updated 4 years ago
- An NTFS/FAT parser for digital forensics & incident response☆198Updated 2 months ago