Cool win-thingies

My repository for doing dfir windows things in real time.

Scripts

scripts/etw_mon.py

See etw_mon docs

scripts/userassist_monitor.py

See userassist_monitor docs

scripts/print_handles.py

See print_handles docs

scripts/print_publishers.py

See print_publishers docs

Thanks

Thanks to other people's work that were great win32 ctype references.

• https://github.com/rabbitstack/fibratus
• https://github.com/fireeye/pywintrace
• https://github.com/hakril/PythonForWindows
• https://github.com/NadavRazDev/dotfiles