woanware / wmi-parser
Parses the WMI object database....looking for persistence
☆31Updated 5 years ago
Alternatives and similar repositories for wmi-parser:
Users that are interested in wmi-parser are comparing it to the libraries listed below
- Emulates the Sysinternals Autoruns tool, but for DFIR purposes e.g. multi user processing☆55Updated 5 years ago
- Registry Explorer bookmark definitions☆41Updated 2 months ago
- Extract compressed memory pages from page-aligned data☆42Updated 6 years ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 3 years ago
- Decode security descriptors in $Secure on NTFS☆20Updated 3 years ago
- ☆62Updated last week
- Tools for parsing Forensic images☆41Updated 6 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆36Updated 7 months ago
- Plugins for parsing CSV files in Timeline Explorer. This project allows for anyone to add more supported files (i,e. they get a Line #/ta…☆22Updated last week
- Windows registry samples☆23Updated 6 years ago
- Binaries for the log2timeline projects and dependencies☆39Updated 5 months ago
- ☆31Updated 3 months ago
- Miscellaneous Scripts☆17Updated 4 years ago
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.☆21Updated 6 years ago
- Publicly shareable windows event log message data☆27Updated 5 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated last month
- Tool to parse SRU database☆24Updated 7 years ago
- Just Another broken Registry Parser (JARP)☆16Updated 9 months ago
- Yet another registry parser☆131Updated 2 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆64Updated 2 years ago
- VSCode extension for the YARA pattern matching language☆64Updated last year
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆39Updated 2 years ago
- A DFVFS Backed Forensic Viewer☆40Updated 4 years ago
- geolocate ip addresses in IIS logs☆18Updated 2 months ago
- Volatility plugins created by the author☆44Updated 9 years ago
- Binary commandline executable to parse ETL files☆67Updated 6 years ago
- mod to myaut2exe decompiler☆13Updated 7 years ago
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.☆38Updated 2 years ago
- ☆39Updated 5 years ago