williballenthin / python-registry
Pure Python parser for Windows Registry hives.
☆428Updated 2 months ago
Alternatives and similar repositories for python-registry:
Users that are interested in python-registry are comparing it to the libraries listed below
- Tool suite for inspecting NTFS artifacts.☆219Updated last year
- Regipy is an os independent python library for parsing offline registry hives☆254Updated 3 months ago
- ☆427Updated last year
- ☆275Updated last year
- ETW Python Library☆279Updated last year
- analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multip…☆473Updated 5 months ago
- ☆302Updated 4 years ago
- Volatility plugins developed and maintained by the community☆358Updated 3 years ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆192Updated 3 weeks ago
- A VBA parser and emulation engine to analyze malicious macros.☆1,079Updated 8 months ago
- A YARA-integrated process denial framework for Windows☆398Updated 5 years ago
- Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.☆279Updated 3 years ago
- ☆507Updated 4 years ago
- Script for automating Linux memory capture and analysis☆269Updated 5 years ago
- VolatilityBot – An automated memory analyzer for malware samples and memory dumps☆264Updated 3 years ago
- Web App for Volatility framework☆379Updated 4 months ago
- Modified edition of cuckoo☆398Updated 7 years ago
- A VBA parser and emulation engine to analyze malicious macros.☆95Updated last month
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆115Updated 10 months ago
- Wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file.☆205Updated 11 years ago
- Django web interface for managing Yara rules☆191Updated 6 years ago
- Digital Forensics Virtual File System (dfVFS)☆207Updated 3 months ago
- Allows you to quickly query a Windows machine for RAM artifacts☆220Updated 4 years ago
- VolDiff: Malware Memory Footprint Analysis based on Volatility☆194Updated 7 years ago
- Python bindings for The Sleuth Kit (libtsk)☆97Updated 3 weeks ago
- Extract $MFT record info and log it to a csv file.☆268Updated 5 months ago
- PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.☆613Updated 2 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆109Updated 4 years ago
- Web interface for the Volatility Memory Forensics Framework☆260Updated 7 years ago
- Windows Live Artifacts Acquisition Script☆186Updated 2 years ago