Documentation project for Digital Forensics Artifact Repository
This is an MFT and USN parser that allows direct extraction in filesystem timeline format (mactime), dump all resident files in the MFT in their original folder structure and run yara rules over them all. It uses Omer BenAmram's great MFT rust parsing libraries, which allows a great speed and efficiency in the process. The integration with the USN Journal parser allows to have in the same timeline the combined MFT and USN data. You can use as input files either individual files derived from a triage or a forensic image in RAW format or a mixture of both modes. In case the input is RAW the artifacts will be dumped in a selected directory.
Documentation project for Digital Forensics Artifact Repository
A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.
dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.
Educational CTF-styled challenges for Memory Forensics.
A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
