LfLe
Recover event log entries from an image by heuristically looking for record structures.
PassMark OSForensics is a digital investigation tool that allows users to extract forensic data from computers quickly and easily, uncovering hidden information inside a PC. It enables users to discover relevant data faster through high-performance file searching and indexing, extract passwords, decrypt files, and recover deleted files from various operating systems. Additionally, it helps in identifying evidence and suspicious activity through hash matching and drive signature analysis features, as well as automatically creating a timeline of user activity. With its 360° Case Management Solution, users can manage their entire digital investigation, build custom reports, and attach reports from other tools. OSForensics also offers a collection of tools like OSFMount and OSFClone for mounting disk images and creating/cloning raw disk images, respectively.
Recover event log entries from an image by heuristically looking for record structures.
A Python 2.x tool for memory analysis on Mac OS X systems with support for various OS versions and memory image export capabilities.
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.
An anti-forensic kill-switch tool for USB ports to shut down the computer immediately in case of unauthorized access.
A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.
A console program for file recovery through data carving.