
DFIR ORC

Free

Build status branches: main, release/10.1, release/10.2

Requirements:
- Visual Studio from 2017 to 2022, English only (vcpkg limitation). Use this installer configuration or alternatively use vstools. Also check 'Desktop development with C++'.
- Kitware's CMake >= 3.25 or the Visual Studio integrated version.

The build environment can be set up quickly using Microsoft's developer virtual machines. Import this .vsconfig from Visual Studio Installer.

Commands:
- Both 32-bit and 64-bit versions should be built for maximum compatibility before deployment.
- See https://dfir-orc.github.io for more details about deployment and configuration.

In a prompt like Developer Command Prompt for VS 2019 (prefer to avoid using cmd.exe):

    git clone --recursive https://github.com/dfir-orc/dfir-orc.git
    cd dfir-orc
    mkdir build-x86 build-x64

    cd build-x86
    cmake -G "Visual Studio 17 2022" -A Win32 -T v141_xp ..
    cmake --build . --config MinSizeRel -- -maxcpucount

    cd ../build-x64
    cmake -G "Visual Studio 17 2022" -A x64 -T v141_xp ..
    cmake --build . --config MinSizeRel -- -maxcpucount

The -T v141_xp option allows compatibility with Windows XP SP2 and later. It can safely be removed if not needed.

ALTERNATIVES

No More Ransom is a collaborative project to combat ransomware attacks by providing decryption tools and prevention advice.

A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.

ID-spoofing NFS client

A simple Golang application for storing NIST National Software Reference Library Reference Data Set (NSRL RDS) with md5 and sha1 hash lookup searches.

A network forensics tool for visualizing packet captures as network diagrams with detailed analysis.

Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.

A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.

mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
