A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.
ShadowCopy Analyzer is a tool designed for cybersecurity researchers to analyze and utilize the ShadowCopy technology, which allows the creation of backup snapshots of computer volumes or files, aiding in file recovery, ransomware mitigation, and system restoration. It provides functionalities such as creating, listing, and deleting ShadowCopies, as well as exporting them to VHD files. It is important to run the tool with Administrator privileges to access all its capabilities.
Toolkit for post-mortem analysis of Docker runtime environments using forensic HDD copies.
Tool for parsing NTFS journal files, $LogFile, and $MFT.
A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.
Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.