woanware / wmi-parser
Parses the WMI object database....looking for persistence
☆31Updated 5 years ago
Alternatives and similar repositories for wmi-parser:
Users that are interested in wmi-parser are comparing it to the libraries listed below
- Registry Explorer bookmark definitions☆41Updated 3 months ago
- Decode security descriptors in $Secure on NTFS☆20Updated 3 years ago
- Extract compressed memory pages from page-aligned data☆44Updated 6 years ago
- ☆62Updated 2 weeks ago
- Windows registry samples☆23Updated 6 years ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 3 years ago
- Binary commandline executable to parse ETL files☆67Updated 6 years ago
- Tools for parsing Forensic images☆41Updated 6 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated last month
- Miscellaneous Scripts☆17Updated 4 years ago
- It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving☆40Updated 4 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆36Updated 8 months ago
- Binaries for the log2timeline projects and dependencies☆39Updated 6 months ago
- Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process E…☆36Updated 8 years ago
- Emulates the Sysinternals Autoruns tool, but for DFIR purposes e.g. multi user processing☆55Updated 5 years ago
- Tool to parse SRU database☆24Updated 7 years ago
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.☆21Updated 6 years ago
- Just Another broken Registry Parser (JARP)☆16Updated 10 months ago
- Scripts and tools created for appx analysis talk (Magnet summit 2019)☆15Updated last year
- ☆39Updated 5 years ago
- Mass Triage Tools☆20Updated last month
- Volatility plugins created by the author☆44Updated 9 years ago
- ☆31Updated 4 months ago
- Generate a Yara rule to find base64-encoded files containg a specific keyword☆40Updated 6 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆72Updated last year
- Windows Thingies in Python for live use.☆24Updated 5 years ago
- Yet another registry parser☆131Updated 2 years ago
- A DFVFS Backed Forensic Viewer☆40Updated 4 years ago
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.☆38Updated 3 years ago
- RegRipper wrapper for simplified bulk parsing or registry hives☆9Updated 6 years ago