williballenthin / python-registry

Related projects: ⓘ

• rowingdude / analyzeMFT
  analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multip…
  ☆429Updated this week
• mandiant / flare-wmi
  ☆415Updated last year
• mkorman90 / regipy
  Regipy is an os independent python library for parsing offline registry hives
  ☆240Updated 3 weeks ago
• mandiant / ShimCacheParser
  ☆271Updated last year
• CERT-Polska / mquery
  YARA malware query accelerator (web frontend)
  ☆407Updated this week
• williballenthin / python-evtx
  Pure Python parser for Windows Event Log files (.evtx)
  ☆718Updated last month
• fireeye / pywintrace
  ETW Python Library
  ☆263Updated last year
• keydet89 / RegRipper2.8
  ☆375Updated this week
• volatilityfoundation / community
  Volatility plugins developed and maintained by the community
  ☆339Updated 3 years ago
• williballenthin / INDXParse
  Tool suite for inspecting NTFS artifacts.
  ☆213Updated 10 months ago
• godaddy / procfilter
  A YARA-integrated process denial framework for Windows
  ☆395Updated 4 years ago
• Rurik / Noriben
  Noriben - Portable, Simple, Malware Analysis Sandbox
  ☆1,101Updated 9 months ago
• R3MRUM / PSDecode
  PowerShell script for deobfuscating encoded PowerShell scripts
  ☆416Updated 3 years ago
• SekoiaLab / Fastir_Collector
  ☆505Updated 3 years ago
• jschicht / RawCopy
  Commandline low level file extractor for NTFS
  ☆272Updated 5 years ago
• mikesxrs / Open-Source-YARA-rules
  YARA Rules I come across on the internet
  ☆327Updated 5 months ago
• hiddenillusion / AnalyzePE
  Wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file.
  ☆202Updated 10 years ago
• davidpany / WMI_Forensics
  ☆293Updated 4 years ago
• hatching / vmcloak
  Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
  ☆479Updated 4 months ago
• BayshoreNetworks / yextend
  Yara integrated software to handle archive file data.
  ☆296Updated 2 years ago
• pan-unit42 / public_tools
  ☆708Updated last year
• danielbohannon / Revoke-Obfuscation
  PowerShell Obfuscation Detection Framework
  ☆719Updated 9 months ago
• mkorman90 / VolatilityBot
  VolatilityBot – An automated memory analyzer for malware samples and memory dumps
  ☆263Updated 3 years ago
• guelfoweb / peframe
  PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.
  ☆605Updated 2 years ago
• cuckoosandbox / community
  Repository of modules and signatures contributed by the community
  ☆322Updated last year
• JPCERTCC / aa-tools
  Artifact analysis tools by JPCERT/CC Analysis Center
  ☆451Updated 2 months ago
• decalage2 / ViperMonkey
  A VBA parser and emulation engine to analyze malicious macros.
  ☆1,044Updated 2 months ago
• halpomeranz / lmg
  Script for automating Linux memory capture and analysis
  ☆263Updated 4 years ago
• ctxis / CAPE
  Malware Configuration And Payload Extraction
  ☆743Updated last year
• msuhanov / regf
  Windows registry file format specification
  ☆319Updated 5 years ago