MalConfScan
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis, supporting NTFS and FAT file systems, with plans for HFS+ and Extended File System support. It provides a public API for forensic tasks, built on a C# Class Library, allowing for modular expansion of capabilities. Documentation and installation instructions can be found on Read The Docs and GitHub.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.
Web interface for the Volatility Memory Forensics Framework
MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.