Parses the WMI object database, looking for persistence (☆34, updated Dec 12, 2019)
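As an added example (not code from wmi-parser, nor from any repository listed on this page), the following Python shows the kind of check the description above implies: carving the class names that a permanent WMI event subscription leaves in the repository file (OBJECTS.DATA) and pulling out the printable strings around them, which is where the filter query and the consumer command line live. The string-carving approach, the marker list and the sample blob are all assumptions made here; the blob is constructed inline and is not a real repository fragment.

```python
import re
import sys

# Classes that only exist in root\subscription when a permanent WMI event
# subscription (the classic WMI persistence mechanism) has been registered.
# Keying on their names is the assumed technique, not wmi-parser's own code.
PERSISTENCE_MARKERS = (
    "__EventFilter",
    "__FilterToConsumerBinding",
    "CommandLineEventConsumer",
    "ActiveScriptEventConsumer",
)

# The repository holds strings both narrow and as UTF-16LE, so match both forms.
_PATTERNS = [
    (name, enc, re.compile(re.escape(name.encode(enc))))
    for name in PERSISTENCE_MARKERS
    for enc in ("ascii", "utf-16-le")
]

_ASCII_RUN = rb"[\x20-\x7e]{%d,}"
_UTF16_RUN = rb"(?:[\x20-\x7e]\x00){%d,}"


def _nearby_strings(blob, pos, window=256, min_len=6):
    """Printable ASCII and UTF-16LE runs within `window` bytes of `pos`."""
    chunk = blob[max(0, pos - window):pos + window]
    found = set()
    for m in re.finditer(_ASCII_RUN % min_len, chunk):
        found.add(m.group().decode("ascii"))
    for m in re.finditer(_UTF16_RUN % min_len, chunk):
        found.add(m.group().decode("utf-16-le"))
    return sorted(found)


def find_wmi_persistence(blob):
    """One record per marker occurrence, ordered by file offset.

    Each record carries the class name, the encoding it was found in and the
    printable strings around it (filter query, command line, script text...).
    """
    hits = []
    for name, enc, pattern in _PATTERNS:
        for m in pattern.finditer(blob):
            hits.append({
                "class": name,
                "encoding": enc,
                "offset": m.start(),
                "context": _nearby_strings(blob, m.start()),
            })
    hits.sort(key=lambda h: h["offset"])
    return hits


def build_sample_blob():
    """Constructed stand-in for a fragment of OBJECTS.DATA (not a real file).

    It lays out a filter, a consumer and a binding the way a string carve
    would see them: class names, a WQL query and a command line template.
    """
    u = lambda s: s.encode("utf-16-le")
    return (
        b"\x00" * 40
        + b"__EventFilter" + b"\x00" * 8
        + u("SELECT * FROM __InstanceModificationEvent WITHIN 60 "
            "WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'")
        + b"\x00" * 40
        + u("CommandLineEventConsumer") + b"\x00" * 8
        + u("CommandLineTemplate") + b"\x00" * 4
        + u("powershell.exe -NoProfile -File C:\\ProgramData\\updater.ps1")
        + b"\x00" * 40
        + b"__FilterToConsumerBinding" + b"\x00" * 40
    )


def scan_file(path):
    """Scan a copy of OBJECTS.DATA (or any WMI repository file) from disk."""
    with open(path, "rb") as fh:
        return find_wmi_persistence(fh.read())


if __name__ == "__main__":
    # Pass a path to OBJECTS.DATA to scan a real repository; with no
    # argument the constructed sample is scanned instead.
    if len(sys.argv) > 1:
        hits = scan_file(sys.argv[1])
    else:
        hits = find_wmi_persistence(build_sample_blob())
    for h in hits:
        print(f"0x{h['offset']:08x} {h['class']} ({h['encoding']})")
        for s in h["context"]:
            print("    ", s)
```

A carve like this is noisy by design: it reports every occurrence of the marker classes, including the class definitions themselves, so the analyst still has to read the surrounding strings and tie a filter, a consumer and a binding together before calling anything persistence.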
Alternatives and similar repositories for wmi-parser
- CryptnetURLCacheParser is a tool to parse CryptAPI cache files (☆21, updated Aug 3, 2024)
- Stand-alone parser for User Access Logging from Server 2012 and newer systems (☆78, updated Jan 9, 2024)
- Windows Thingies in Python for live use (☆24, updated Apr 22, 2019)
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency of occurrence / data stacking analysis on mu… (☆56, updated Jul 2, 2023)
- Browse Windows Prefetch versions 17, 23, 26, 30v1/2, 31 and some SuperFetch .7db/.db files (☆64, updated Dec 18, 2024)
- Forensic cheatsheets for use with cheat (☆15, updated Dec 2, 2021)
- IP addresses exploiting recent log4j2 vulnerability CVE-2021-44228 (☆16, updated Dec 19, 2021)
- Extract and parse WEVT_TEMPLATEs from PE files (☆18, updated Dec 30, 2023)
- Emulates the Sysinternals Autoruns tool, but for DFIR purposes, e.g. multi-user processing (☆55, updated May 18, 2019)
- Miscellaneous Scripts (☆17, updated Sep 11, 2020)
- Helper scripts to automate the extraction of YARA rules from XProtectRemediators (☆22, updated Mar 5, 2024)
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser (☆44, updated Feb 21, 2026)
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility (☆38, updated Jul 18, 2024)
- JPCERT/CC public YARA rules repository (☆109, updated Nov 14, 2025)
- Page File analysis tools (☆131, updated Dec 3, 2015)
- CLI tool to compute the TypeRefHash for .NET binaries (☆19, updated Nov 10, 2021)
- Remote access and Antivirus Logging Database (☆45, updated Apr 28, 2024)
- Based on bulk_extractor (https://github.com/simsong/bulk_extractor), with added scanners for record carving (☆42, updated Apr 23, 2020)
- USN Journal full path builder (☆65, updated Sep 16, 2024)
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11 (☆27, updated Jul 27, 2022)
- A set of tools for doing forensic analysis on Microsoft ESE databases (☆130, updated Jan 31, 2022)
- Initial triage of Windows Event logs (☆106, updated Jun 16, 2024)
- Repository for LNK stuff (☆31, updated Aug 31, 2022)
- NTFS samples (☆27, updated Aug 1, 2020)
- A simple many-rules to many-files YARA scanner for incident response or malware zoos (☆27, updated Jun 3, 2018)
- Imphash-like calculation on Golang binaries (☆49, updated Jul 2, 2022)
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom (☆12, updated Aug 26, 2024)
- Queries for a parsed Spotlight database in SQLite (☆13, updated Dec 29, 2020)
- An open-source computer forensics tool that can display a summary as the result of Windows Event Log analysis based on the chosen function(… (☆11, updated Feb 2, 2023)
- FileSigExtractor is a Python-based tool which extracts the file signatures of all files within a directory and writes the output to a CSV… (☆10, updated Jul 15, 2023)
- This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident response (☆21, updated Sep 30, 2022)
- VB Exe Parser is an IDA script written in Python. This script will help you to parse VB program internal structures. It can find: Event, … (☆17, updated Oct 8, 2016)
- A password list optimized for use on Android devices (☆11, updated Jul 2, 2022)
- Tool to parse the SRU database (☆25, updated Mar 1, 2018)
- Windows registry samples (☆24, updated Nov 18, 2018)