Microsoft

ESC8 & ECS11 (petitpotam)

Chainsaw

GitHub - Yamato-Security/RustyBlue: RustyBlue is a rust implementation of DeepblueCLI, a forensics log analyzer for finding evidence of compromise from windows event logs.GitHub

WELA

LogonTracer

GitHub - sbousseaden/EVTX-ATTACK-SAMPLES: Windows Events Attack SamplesGitHub

Windows Forensic 101: How to Perform Forensic Investigation of Windows Machine?Medium