| WELA | sidr |
|---|---|
| 3 | 2 |
| 678 | 75 |
| 0.0% | - |
| 0.0 | 9.1 |
| over 1 year ago | 9 months ago |
| PowerShell | Rust |
| GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
- sidr: Search Index Database Reporter - SIDR ("cider") is a tool designed to parse Windows search artifacts from Windows 10 (and prior) and Windows 11 systems. The tool handles both ESE databases (Windows.edb) and SQLite databases (Windows.db) as input and generates three detailed reports as output.
Stroz Friedberg releases a research blog and a parser for Windows Search Index Artifact
A new open source tool (SIDR) for reporting on Windows search indices: https://github.com/strozfriedberg/sidr
What are some alternatives?
hayabusa - Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
MemLabs - Educational, CTF-styled labs for individuals interested in Memory Forensics
teler - Real-time HTTP Intrusion Detection
chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
WindowsDFIR - Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.
matano - Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
timesketch - Collaborative forensic timeline analysis
PoShLog - :nut_and_bolt: PoShLog is a cross-platform PowerShell logging module. It allows you to log structured event data to the console, to files and to many other sinks easily. It's built upon the great C# logging library Serilog - https://serilog.net/
SIEM - SIEM Tactics, Techniques, and Procedures
WinLoginAudit - Send realtime Windows Login Audit trail to Telegram messenger
EnableWindowsLogSettings - Documentation and scripts to properly enable Windows event logs.