Conversion utilities to and from Windows FILETIME, SYSTEMTIME, etc.
Windows FILETIME and SYSTEMTIME string and binary serialization
A Rust log provider which forwards events to Event Tracing for Windows (ETW).
Enables apps to report events to Event Tracing for Windows (ETW).
Provides metadata definitions for the win_etw_provider and win_etw_macros crates.
Enables apps to report events to Event Tracing for Windows (ETW).
Provides a backend for the `tracing` crate that logs events to ETW (Event Tracing for Windows).
An enhanced version of filetime, which can set file creation time on Windows before Rust 1.75.
The ForensicNomicon — comprehensive DFIR artifact catalog: UserAssist, Shimcache, Amcache, Prefetch, $MFT, ShellBags, EVTX, NTDS.dit, SAM, SRUM, LNK, Jump Lists + KAPE/Velociraptor/Sigma/MITRE. Zero deps.