dfvfs
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
Incident Response Triage is a scripted collection tool that automatically runs as an administrator in Windows versions, except WinXP, to gather system information valuable to a Forensic Analyst. It collects system information, network information, registry hives, disk information, and dumps memory, providing fast forensics in situations where a full disk image is not feasible.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
Tool for live forensics acquisition on Windows systems, collecting artefacts for early compromise detection.
A library for working with Windows NT data types, providing access and manipulation functions.
A framework for orchestrating forensic collection, processing, and data export.
Exiv2 is a C++ library and command-line utility for image metadata manipulation.