| AmcacheParser | 1.5.1.0 | 1.5.1.0 | Amcache.hve parser with lots of extra features. Handles locked files |
| AppCompatCacheParser | 1.5.0.0 | 1.5.0.0 | AppCompatCache aka ShimCache parser. Handles locked files |
| bstrings | 1.5.2.0 | 1.5.2.0 | Find them strings yo. Built in regex patterns. Handles locked files |
| EvtxECmd | 1.5.0.0 | 1.5.0.0 | Event log (evtx) parser with standardized CSV, XML, and json output! Custom maps, locked file support, and more! |
| EZViewer | 1.0.0.0 | 2.0.0.0 | Standalone, zero dependency viewer for .doc, .docx, .xls, .xlsx, .txt, .log, .rtf, .otd, .htm, .html, .mht, .csv, and .pdf. Any non-supported files are shown in a hex editor (with data interpreter!) |
| Hasher | 2.0.0.0 | - | Hash all the things |
| JLECmd | 1.5.0.0 | 1.5.0.0 | Jump List parser |
| JumpList Explorer | 1.4.0.0 | 2.0.0.0 | GUI based Jump List viewer |
| LECmd | 1.5.0.0 | 1.5.0.0 | Parse lnk files |
| MFTECmd | 1.2.2.0 | 1.2.2.0 | $MFT, $Boot, $J, $SDS, $I30, and $LogFile (coming soon) parser. Handles locked files |
| MFTExplorer | 0.5.1.0 | 2.0.0.0 | Graphical $MFT viewer |
| PECmd | 1.5.0.0 | 1.5.0.0 | Prefetch parser |
| RBCmd | 1.5.0.0 | 1.5.0.0 | Recycle Bin artifact (INFO2/$I) parser |
| RecentFileCacheParser | 1.5.0.0 | 1.5.0.0 | RecentFileCache parser |
| RECmd | 1.6.0.0 | 2.0.0.0 | Powerful command line Registry tool searching, multi-hive support, plugins, and more |
| Registry Explorer | 1.6.0.0 | 2.0.0.0 | Registry viewer with searching, multi-hive support, plugins, and more. Handles locked files |
| RLA | 2.0.0.0 | 2.0.0.0 | Replay transaction logs and update Registry hives so they are no longer dirty. Useful when tools do not know how to handle transaction logs |
| SDB Explorer | 1.0.0.0 | 2.0.0.0 | Shim database GUI |
| SBECmd | 2.0.0.0 | 2.0.0.0 | ShellBags Explorer, command line edition, for exporting shellbag data |
| ShellBags Explorer | 1.4.0.0 | 2.0.0.0 | GUI for browsing shellbags data. Handles locked files |
| SQLECmd | 1.0.0.0 | 1.0.0.0 | Find and process SQLite files according to your needs with maps! |
| SrumECmd | 0.5.1.0 | 0.5.1.0 | Process SRUDB.dat and (optionally) SOFTWARE hive for network, process, and energy info! |
| SumECmd | 0.5.2.0 | 0.5.2.0 | Process Microsoft User Access Logs found under βC:\Windows\System32\LogFiles\SUMβ |
| Timeline Explorer | 1.3.0.0 | 2.0.0.0 | View CSV and Excel files, filter, group, sort, etc. with ease |
| VSCMount | 1.5.0.0 | 1.5.0.0 | Mount all VSCs on a drive letter to a given mount point |
| WxTCmd | 1.0.0.0 | 1.0.0.0 | Windows 10 Timeline database parser |
Web Login Bypassing Techniques
Bugbounty Checklist β