USN-Journal-Parser
Python script to parse the NTFS USN Change Journal.
Radare2 is a complete rewrite of radare. It provides a set of libraries, tools and plugins to ease reverse engineering tasks. It can edit files on local hard drives, view kernel memory, and debug programs locally or via remote gdb/windbg servers. r2 can analyze, emulate, debug, modify, and disassemble any binary.
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.
Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.