williballenthin / python-evtLinks
Pure Python parser for classic Windows Event Log files (.evt)
☆50Updated last year
Alternatives and similar repositories for python-evt
Users that are interested in python-evt are comparing it to the libraries listed below
Sorting:
- Generate a Yara rule to find base64-encoded files containg a specific keyword☆40Updated 6 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- Python tool and library to help analyze files during malware triage and analysis.☆78Updated 4 years ago
- A short and small memory forensics helper.☆52Updated 7 years ago
- ☆27Updated 7 years ago
- Yara rules for detecting malware☆23Updated 9 months ago
- Volatility memory forensics plugin for extracting Windows DNS Cache☆29Updated 8 years ago
- Handy scripts to speed up malware analysis☆35Updated last year
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Updated 7 years ago
- Python IOC Editor☆63Updated 10 years ago
- Recover event log entries from an image by heurisitically looking for record structures.☆27Updated 9 years ago
- Ragpicker is a Plugin based malware crawler with pre-analysis and reporting functionalities. Use this tool if you are testing antivirus p…☆93Updated 9 years ago
- A warehouse for your malware☆134Updated 12 years ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆53Updated 7 years ago
- Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to fi…☆48Updated 8 years ago
- Validates yara rules and tries to repair the broken ones.☆39Updated 4 years ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 4 years ago
- PowerShell scripts for Hard Drive forensics and parsing Windows Artifacts☆56Updated 4 years ago
- Process HTTP Pcaps With YARA☆103Updated 11 years ago
- Tool to decompress data from Windows 10 page files and memory dumps, that has been compressed by the Windows 10 memory manager.☆51Updated 6 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆86Updated 7 years ago
- JoeSandbox-Bro is a simple bro script which extracts files from your internet connection and analyzes them automatically on Joe Sandbox☆45Updated 6 years ago
- Generate bulk YARA rules from YAML input☆22Updated 5 years ago
- PE Import Hash Generator☆80Updated 7 years ago
- A Maltego transform for VirusTotal Submitter Information☆35Updated 6 years ago
- ☆19Updated 6 years ago
- Some dfir stuff☆31Updated 3 years ago
- Force-Directed Graph Generator for Volatility Ouputs☆26Updated 6 years ago
- Reconstruct process trees from event logs☆146Updated 4 years ago
- Web based Manager for Yara Rules☆58Updated 5 years ago