Willi Ballenthin

projects

  • FLOSS

    Automatically extract obfuscated strings from malware.
  • python-idb

    Pure Python parser and analyzer for IDA Pro database files (.idb).
  • python-registry

    Read access to Windows Registry files.
  • python-evtx

    Pure Python parser for modern Windows Event Log files (.evtx).
  • python-evt

    Recover event log entries from an image by heuristically looking for record structures.
  • python-cim (WMI)

    Pure Python parser for the Microsoft Windows CIM (WMI) repository database.
    This database is found in the files OBJECTS.DATA, INDEX.BTR, and MAPPING[1-3].MAP.
  • python-sdb

    Pure Python parser for Application Compatibility Shim Databases (.sdb files).
  • INDXParse

    Tool suite for inspecting NTFS artifacts.
  • EVTXtract

    Recover and reconstruct fragments of EVTX log files from raw binary data, including unallocated space and memory images.