Detect - Tools

Deleted BAM Keys Parser

Analyses the registry, specifically for BAM (Background Activity Monitor) Key Deletions, and outputs found deleted, keys + if the file exists, its digital signature, and its entropy.

detect.ac/tool/delbam

Windows Sqlite Database Parser

Analyze Windows database files for recent paths, executables, search history and notepad history. This only works on Windows 11 Machines.

detect.ac/tool/windb

BAM Parser

Parse and analyze BAM (Background Activity Moderator) data for timestamps, usn modifications and unsigned/flagged files with yara rules.

detect.ac/tool/bam

Prefetch Parser

Analyze Windows Prefetch files for unsigned, flagged files using yara and timestamps for execution.

detect.ac/tool/prefetch

PcaSvc Executed

Track and analyze Program Compatibility Assistant Service executions and flag unsigned files, and flagged files using yara rules.

detect.ac/tool/pcasvc

Process Parser

Analyze AppInfo and Diagtrack for flagged files with yara rules, all in instance.