williballenthin / python-evt
Pure Python parser for classic Windows Event Log files (.evt)
☆49Updated last year
Alternatives and similar repositories for python-evt:
Users that are interested in python-evt are comparing it to the libraries listed below
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆53Updated 7 years ago
- Reconstruct process trees from event logs☆147Updated 4 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆86Updated 7 years ago
- Python tool and library to help analyze files during malware triage and analysis.☆78Updated 4 years ago
- Bro PCAP Processing and Tagging API☆28Updated 7 years ago
- Generate a Yara rule to find base64-encoded files containg a specific keyword☆40Updated 6 years ago
- Handy scripts to speed up malware analysis☆35Updated last year
- Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to fi…☆49Updated 7 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Updated 7 years ago
- ☆53Updated 4 years ago
- ☆27Updated 7 years ago
- PowerShell scripts for Hard Drive forensics and parsing Windows Artifacts☆56Updated 4 years ago
- Python IOC Editor☆62Updated 10 years ago
- Analysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules☆50Updated last year
- Binaries for the log2timeline projects and dependencies☆39Updated 7 months ago
- A short and small memory forensics helper.☆52Updated 7 years ago
- A warehouse for your malware☆134Updated 11 years ago
- Volatility Plugins☆21Updated 9 years ago
- PE Import Hash Generator☆78Updated 7 years ago
- Telsy CTI Research Team☆57Updated 4 years ago
- Plugins to add funtionality to ProcDOT. http://www.procdot.com☆23Updated last year
- Extract common Windows artifacts from source images and VSCs☆65Updated 3 years ago
- Recover event log entries from an image by heurisitically looking for record structures.☆27Updated 9 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆109Updated 4 years ago
- Sandbox feature upgrade with the help of wrapped samples☆76Updated 6 years ago
- Process HTTP Pcaps With YARA☆102Updated 11 years ago
- Various Modules & Scripts for use with Viper Framework☆27Updated 5 years ago
- ☆82Updated 8 years ago
- Force-Directed Graph Generator for Volatility Ouputs☆26Updated 6 years ago