// the find
OX-Security-Demo/BankForensicsCollector
A Windows ETW (Event Tracing for Windows) provider/consumer pair that collects forensics data — likely for security monitoring in a SaaS banking context. The provider is a DLL built with MSVC that registers as an ETW manifest-based provider; the consumer reads and decodes those events. This is plumbing-level Windows instrumentation code, not a standalone tool.
Uses manifest-based ETW (the .man file) rather than the older MOF approach, which means typed events and proper schema; the DLL-based provider pattern is the right architectural choice for process-agnostic collection; includes a Dockerfile suggesting some CI integration story; version.json implies there's at least a versioning discipline in place.
Zero stars, 2 forks, no README — there is no documentation explaining what events are actually collected, what schema they follow, or how to wire up the consumer; the 'OX-Security-Demo' org name suggests this is a vendor demo repo, not a real independent project, which makes 'production-code' topic tag feel aspirational at best; the ForensicsProvider.c is the only substantive source file visible, so the actual collection logic is opaque without reading it; being a MSVC-only Windows project with no cross-platform path limits who can meaningfully contribute or audit it.