defender-detectionhistory-parser
Forensic parser
A Python-based tool for parsing and analyzing Windows Defender's DetectionHistory forensic artifact.
A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
110 stars
8 watching
15 forks
Language: Python
last commit: about 3 years ago Related projects:
| Repository | Description | Stars |
|---|---|---|
 dissectmalware/officeforensictools | A Python-based collection of tools for gathering forensic information from Office documents | 26 |
 sekoialab/fastir_collector | A tool for collecting and analyzing Windows system artefacts on live systems | 507 |
 ydkhatri/mac_apt | A digital forensics tool for analyzing macOS and iOS systems | 790 |
 msuhanov/dfir_ntfs | A digital forensics tool for parsing and analyzing NTFS/FAT file systems. | 196 |
 cylance/pypackerdetect | An executable detection tool using PE parsing and machine learning signatures to identify packed samples. | 30 |
 travisfoley/dfirtriage | A digital forensic tool designed to gather and analyze data from Windows-based systems in incident response scenarios. | 335 |
 pjrinaldi/wombatforensics | A multi-threaded GUI forensic analysis tool for Linux | 48 |
 flo354/iosforensic | A tool to aid in forensic analysis of iOS devices | 63 |
 ownsecurity/fastir_artifacts | A tool for collecting forensic artifacts from live hosts across multiple operating systems. | 160 |
 joxeankoret/pyew | A command-line tool for analyzing malware and disassembling binary files | 386 |
 idiom/pftriage | Tool to analyze files during malware analysis and triage by extracting properties and detecting malicious indicators. | 77 |
 hashlookup/hashlookup-forensic-analyser | Analyze digital evidence by searching for files against a large public hash database and generating reports on findings. | 126 |
 patois/xray | Tool for filtering and highlighting decompiler output based on regular expressions | 125 |
 uqcyber/coldpress | Automates malware analysis workflow by extracting features and indicators of compromise from malicious files using various tools and libraries. | 16 |
 sh3llyr/yarascanparser | A tool to parse JSON output from Yara Scan Service's malware analysis and extract relevant information for rule optimization. | 11 |