libqcow
A library to access and read QEMU Copy-On-Write (QCOW) image file formats with support for zlib compression and AES-CBC encryption.
Forensia is an anti-forensics tool designed for Red Teamers to erase footprints in the post-exploitation phase, reducing payload burnout and increasing detection countdown. It can be used to test the capabilities of incident response/forensics teams by unloading Sysmon driver, Gutmann method file shredding, USNJrnl disabler, prefetch disabler, log eraser, event log disabler, user assist update time disabler, access time disabler, clear recent items, clear Shim cache, clear RecentFileCache, clear ShellBag, delete Windows Defender quarantine files, file melting capabilities, and more. It also includes an important update that adds the ability to clear recent items, Shim cache, RecentFileCache, ShellBag, and quarantine files, with upcoming features like USNJrnl execution on all disk drives, unallocated space rewriting, and further enhancements. Credits to various contributors are acknowledged.
A library to access and read QEMU Copy-On-Write (QCOW) image file formats with support for zlib compression and AES-CBC encryption.
Dump iOS Frequent Locations from StateModel#.archive files.
Tool for analyzing Windows Recycle Bin INFO2 file
Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.
Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.
Python script to parse macOS MRU plist files into human-friendly format