williballenthin / python-evt
Pure Python parser for classic Windows Event Log files (.evt)
☆48Updated last year
Alternatives and similar repositories for python-evt:
Users that are interested in python-evt are comparing it to the libraries listed below
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- Generate a Yara rule to find base64-encoded files containg a specific keyword☆40Updated 6 years ago
- ☆27Updated 7 years ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆53Updated 7 years ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Updated 7 years ago
- Volatility memory forensics plugin for extracting Windows DNS Cache☆29Updated 8 years ago
- Community-based integrated malware identification system☆82Updated 2 years ago
- Process HTTP Pcaps With YARA☆102Updated 11 years ago
- A short and small memory forensics helper.☆52Updated 7 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆85Updated 7 years ago
- Handy scripts to speed up malware analysis☆35Updated last year
- Telsy CTI Research Team☆57Updated 4 years ago
- Python IOC Editor☆62Updated 10 years ago
- Recover event log entries from an image by heurisitically looking for record structures.☆27Updated 9 years ago
- Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to fi…☆49Updated 7 years ago
- Python tool and library to help analyze files during malware triage and analysis.☆78Updated 4 years ago
- A mapping of used malware names to commonly known family names☆62Updated 2 years ago
- Sandbox feature upgrade with the help of wrapped samples☆76Updated 6 years ago
- A collection of my public YARA signatures for various malware families☆29Updated 6 months ago
- Malware Analysis, Threat Intelligence and Reverse Engineering: LABS☆82Updated 4 years ago
- Windows link file (shortcuts) examiner☆68Updated 9 months ago
- Plugins to add funtionality to ProcDOT. http://www.procdot.com☆23Updated last year
- Force-Directed Graph Generator for Volatility Ouputs☆26Updated 6 years ago
- PowerShell scripts for Hard Drive forensics and parsing Windows Artifacts☆56Updated 4 years ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 3 years ago
- Collection of YARA signatures from individual research☆44Updated last year
- Analysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules☆50Updated last year
- ☆68Updated 7 years ago
- Command-line Interface for Binar.ly☆37Updated 8 years ago
- Reconstruct process trees from event logs☆148Updated 4 years ago