hivex
A Windows Registry hive extraction library that reads and writes Windows Registry 'hive' binary files.
dc3dd is an enhanced version of the GNU dd tool, designed for forensic data acquisition, featuring on-the-fly hashing, split output files, pattern writing, a progress meter, and file verification.
A library for working with Windows NT data types, providing access and manipulation functions.
A tool that uses graph theory to reveal hidden relationships and attack paths in an Active Directory environment.
Automated collection tool for incident response triage in Windows systems.
LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.
Tool for live forensics acquisition on Windows systems, collecting artefacts for early compromise detection.