MFT_Browser
Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.
LiME (Linux Memory Extractor) is a Loadable Kernel Module (LKM) that enables volatile memory acquisition from Linux and Linux-based devices, including Android. It is the first tool to allow full memory captures on Android devices, minimizing user-kernel space interaction for more forensically sound captures. Features include full Android memory acquisition, acquisition over network interface, minimal process footprint, and hash of dumped memory. Usage involves loading the module using the insmod command with specified arguments like path, format, and optional parameters like digest and dio.
Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.
A tool with advanced filtering capabilities for analyzing events based on time, path, weekday, and date.
Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.
A Mac OS X forensic utility for ensuring correct forensic procedures during disk imaging.
Forensics tool for exploring offline Docker filesystems.
Customizable live OS constructor tool for remote forensics and incident response.