AmgdGocha / DriveFS-Sleuth
DriveFS Sleuth is a Python tool that automates the investigation of Google Drive File Stream disk artifacts. The tool was developed from research performed by reproducing different usage scenarios and recording the changes they cause in the Google Drive File Stream disk artifacts.
☆82 · Updated 6 months ago
Alternatives and similar repositories for DriveFS-Sleuth
Users that are interested in DriveFS-Sleuth are comparing it to the libraries listed below
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub ☆77 · Updated last year
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc… ☆57 · Updated 3 weeks ago
- Digital Forensics Artifacts Knowledge Base ☆83 · Updated last year
- USN Journal full path builder ☆61 · Updated 10 months ago
- ☆68 · Updated 7 months ago
- Windows Forensics Environment Builder ☆155 · Updated last week
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) ☆69 · Updated last year
- Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol. ☆41 · Updated 8 months ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. ☆98 · Updated 2 years ago
- Parses USB connection artifacts from offline Registry hives ☆99 · Updated last month
- ☆52 · Updated last week
- A curated list of KAPE-related resources ☆169 · Updated 2 months ago
- Chrome Logs Events and Protobuf Parser ☆39 · Updated 2 years ago
- Python script to walk a folder or a zip file for SQLite Databases ☆38 · Updated last year
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene… ☆76 · Updated this week
- A simple script to read the contents of a zip/tar/folder and extract metadata ☆22 · Updated 3 months ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. ☆110 · Updated last year
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file ☆85 · Updated 5 months ago
- acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container. ☆105 · Updated this week
- A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and rea… ☆96 · Updated last year
- Remote access and Antivirus Logging Database ☆42 · Updated last year
- Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey! ☆46 · Updated 9 months ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a… ☆205 · Updated 3 weeks ago
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency of occurrence / data stacking analysis on mu… ☆54 · Updated 2 years ago
- macOS Artifacts ☆31 · Updated 4 months ago
- Vehicle Logs Events And Properties Parser ☆89 · Updated 5 months ago
- Search datasets for Bitlocker recovery files and triage live systems for Bitlocker keys. ☆41 · Updated 5 months ago
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… ☆108 · Updated 9 months ago
- A toolkit for the post-mortem examination of Docker containers from forensic HDD copies ☆104 · Updated last year
- A YARA & Malware Analysis Toolkit written in Rust. ☆36 · Updated last week