finds.dev← search

// the find

OX-Security-Demo/BankForensicsCollector

C · BSD-3-Clause · updated Jul 2026

A Windows ETW (Event Tracing for Windows) provider/consumer pair that collects forensics data — likely for security monitoring in a SaaS banking context. The provider is a DLL built with MSVC that registers as an ETW manifest-based provider; the consumer reads and decodes those events. This is plumbing-level Windows instrumentation code, not a standalone tool.

Uses manifest-based ETW (the .man file) rather than the older MOF approach, which means typed events and proper schema; the DLL-based provider pattern is the right architectural choice for process-agnostic collection; includes a Dockerfile suggesting some CI integration story; version.json implies there's at least a versioning discipline in place.

Zero stars, 2 forks, no README — there is no documentation explaining what events are actually collected, what schema they follow, or how to wire up the consumer; the 'OX-Security-Demo' org name suggests this is a vendor demo repo, not a real independent project, which makes 'production-code' topic tag feel aspirational at best; the ForensicsProvider.c is the only substantive source file visible, so the actual collection logic is opaque without reading it; being a MSVC-only Windows project with no cross-platform path limits who can meaningfully contribute or audit it.

View on GitHub →

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →