YARALYZER
Visually inspect regex matches in binary data/text with YARA and regular expressions, displaying matched bytes and surrounding context.
The Advanced Forensics File Format 4 (AFF4) is an open source format used for the storage of digital evidence and data. This project implements a C/C++ library for creating, reading and manipulating AFF4 images, and includes the canonical aff4imager binary, which provides a general-purpose standalone imaging tool. The library and binary are known to work on Linux, Windows, and OSX. It supports reading and writing ZipFile-style volumes, Directory-style volumes, and AFF4 Image streams using the deflate or snappy compressor. It also supports multi-threaded imaging for efficient utilization of multi-core systems. However, it does not currently implement Section 6 (Hashing) of the standard, including verifying or generating linear or block hashes.
Exiv2 is a C++ library and command-line utility for image metadata manipulation.
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
Python script to parse the NTFS USN Change Journal.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
Second-order subdomain takeover scanner