WinSearchDBAnalyzer
0 (0)
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
Meet M.E.A.T! From Jack Farley - BlackStone Discovery. This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices (and Android in the future). Requirements to run from source: Windows or Linux, Python 3.7.4 or 3.7.2, Pip packages seen in requirements.txt. Types of Acquisitions Supported: iOS Devices Logical - Using the logical acquisition flag on MEAT will instruct the tool to extract files and folders accessible through AFC on jailed devices. The specific folder that allows access is: \private\var\mobile\Media, which includes folders such as: AirFair, Books, DCIM, Downloads, general_storage, iTunes_Control, MediaAnalysis, PhotoData, Photos, PublicStaging, Purchases, Recordings. Filesystem iOS Device Prerequisites: Jailbroken iOS Device, AFC2 Installed via Cydia. Using the filesystem acquisition flag on MEAT will instruct the tool to start the AFC2 service and copy all files and folders back to the host machine. This method requires the device to be jailbroken with the following package installed: Apple File Conduit 2. This method can also be changed by the user using the -filesystemPath flag to instruct MEAT to only extract specific folders.
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
A Python 2.x tool for memory analysis on Mac OS X systems with support for various OS versions and memory image export capabilities.
A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.
Open Backup Extractor is an open source program for extracting data from iPhone and iPad backups.
Modern digital forensics and incident response platform with comprehensive tools.
A file search and query tool for ops and security experts.