janstarke

Dresden (Germany)

Pinned Repositories

evtxgrep
filtering Windows Event Log files
Language:Rust8 1 00
evtxview
evtxview is a GUI viewer for Microsoft Windows evtx files (Windows event logs). I'm hacking this tiny tool because I need such a tool in most forensic investigations.
Language:Python12 4 01
forensic-scripts
Collection of useful forensic scripts
Language:Python5 1 00
ipgrep
search for IP addresses in text files
Language:Rust4 1 00
libpefile
library to parse PE files
Language:Rust2 1 00
mft2bodyfile
parses an $MFT file to bodyfile
Language:Rust7 2 30
ntdsextract2
This aims to be a collection of tools to forensically analyze Active Directory databases
Language:Rust20 2 162
python-evtxtools
Collection of command line tools to correlate windows event logs. This set of tools is aimed to be used at forensic investigations.
Language:Python4 2 00
regview
Offline-viewer for registry files
Language:Rust11 2 40
rexgen
API Documentation
Language:C++52 10 4820

janstarke's Repositories

janstarke/rexgen
API Documentation
Language:C++52 10 4820
janstarke/ntdsextract2
This aims to be a collection of tools to forensically analyze Active Directory databases
Language:Rust20 2 162
janstarke/regview
Offline-viewer for registry files
Language:Rust11 2 40
janstarke/mft2bodyfile
parses an $MFT file to bodyfile
Language:Rust7 2 30
janstarke/forensic-scripts
Collection of useful forensic scripts
Language:Python5 1 00
janstarke/dfir-esedb
A library to allow forensic analysis of EseDB files
Language:Rust3 1 0
janstarke/es4forensics
⛔️ DEPRECATED: Use https://github.com/dfir-dd/dfir-toolkit instead
Language:Rust3 1 2
janstarke/evtx2bodyfile
Parses a lot of evtx files and prints a bodyfile
Language:Rust3 1 01
janstarke/evtxtools
⛔️ DEPRECATED: Use https://github.com/dfir-dd/dfir-toolkit instead
Language:Rust3 1 20
janstarke/clap-markdown-dfir
Autogenerate Markdown documentation for clap command-line tools (forked from ConnorGray/clap-markdown)
Language:Rust2 0 0
janstarke/usnjrnl
Parses Windows $UsnJrnl files
Language:Rust2 1 1
janstarke/janstarke.github.io
Language:MDX1 1 0
janstarke/lnk-rs
A Rust library for parsing and writing MS Shell Links (shortcuts, *.lnk)
Language:Rust1 0 01
janstarke/loghawk
A cli tool to display large CSV files
Language:Rust1 1 0
janstarke/mactime2
⛔️ DEPRECATED: Use https://github.com/dfir-dd/dfir-toolkit instead
Language:Rust1 1 21
janstarke/evtx
A Fast (and safe) parser for the Windows XML Event Log (EVTX) format
Language:Rust0 0 00
janstarke/cryptopals
Language:Rust
janstarke/csvlens
Command line csv viewer
janstarke/dissect.target
The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
Language:Python0 0
janstarke/ecs_types
Rust types mapping to the elasticsearch common schema
Language:Rust2 0
janstarke/flow-record
Library for the creation of DFIR timelines
Language:Rust1 0
janstarke/flow.record
Recordization library
Language:Python0 0
janstarke/janstarke
1 0
janstarke/kb
Personal Knowledge Base
1 0
janstarke/libesedb
Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
janstarke/liblnk
Library and tools to access the Windows Shortcut File (LNK) format
Language:C0 0
janstarke/memoverlay
Puts a writable layer of bytes over some byte stream
Language:Rust1 0
janstarke/pol_export
⛔️ DEPRECATED: Use https://github.com/dfir-dd/dfir-toolkit instead
Language:Rust1 1
janstarke/sleuthkit
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Language:C0 0
janstarke/zip-old
Zip implementation in Rust
Language:Rust0 0