RegRippy
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
This tool can parse normal records and recover deleted records in WebCacheV01.dat. WebCacheV01.dat is used by Internet Explorer 10 and 11 and the Edge browser.
Advantages:
- Can recover deleted records
- Can view InPrivate Browsing content
- Can extract and analyze WebCacheV01.dat from a live system
- Can parse any file regardless of its status
- Shows more information than other tools (download file information, HTTP response header, web page title)
- Can convert from ESE database to CSV or SQLite
- Can apply UTC time
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
NBD is a userland implementation of the Network Block Device protocol, allowing for remote access to block devices over a network.
A framework for orchestrating forensic collection, processing, and data export.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
Fridump is an open source memory dumping tool using the Frida framework for dumping memory addresses from various platforms.