Plaso
A Python-based engine for automatic creation of timelines in digital forensic analysis
libsmdev is a library and set of tools for accessing and analyzing storage media devices and partitions, enabling information security professionals to perform forensic analysis and investigation of storage devices. It is currently in the alpha stage of development. Status: alpha. Licence: LGPLv3+. Planned features: multi-threading support.
Dump iOS Frequent Locations from StateModel#.archive files.
Tool for parsing NTFS journal files, $LogFile, and $MFT.
ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
libevt is a library to access and parse Windows Event Log (EVT) files.