AmgdGocha / DriveFS-Sleuth
DriveFS Sleuth is a Python tool that automates the investigation of Google Drive File Stream disk artifacts. It was developed based on research performed by mounting different scenarios and noting the resulting changes in the Google Drive File Stream disk artifacts.
☆78 · Updated 3 months ago
Alternatives and similar repositories for DriveFS-Sleuth:
Users that are interested in DriveFS-Sleuth are comparing it to the libraries listed below
- Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) ☆68 · Updated last year
- Python script to walk a folder or a zip file for SQLite databases ☆38 · Updated last year
- USN Journal full path builder ☆57 · Updated 6 months ago
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub ☆68 · Updated last year
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. ☆108 · Updated last year
- Windows Forensics Environment Builder ☆131 · Updated 2 months ago
- Chrome Logs Events and Protobuf Parser ☆38 · Updated 2 years ago
- Project based on RegRipper, to extract additional value/pivot points from TLN events file ☆84 · Updated last month
- Digital Forensics Artifacts Knowledge Base ☆80 · Updated 10 months ago
- Harness the power of Splunk for your investigations ☆94 · Updated last week
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates… ☆58 · Updated 2 weeks ago
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc… ☆55 · Updated last month
- SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w… ☆51 · Updated 3 months ago
- A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts ☆59 · Updated 4 months ago
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency of occurrence / data stacking analysis on mu… ☆52 · Updated last year
- Vehicle Logs Events And Properties Parser ☆81 · Updated 2 months ago
- A curated list of KAPE-related resources ☆164 · Updated last week
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. ☆91 · Updated 2 years ago
- Logbook for Digital Forensics and Incident Response ☆50 · Updated 8 months ago
- Parses USB connection artifacts from offline Registry hives ☆95 · Updated last month
- acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container. ☆99 · Updated 2 weeks ago
- Digital Forensics Incident Response and Detection engineering: forensic analysis of common and not-so-common artifacts. Anti-for… ☆76 · Updated last month
- Remote access and Antivirus Logging Database ☆42 · Updated 11 months ago
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆153 · Updated 10 months ago
- macOS forensic acquisition made simple ☆93 · Updated 3 weeks ago
- Documentation site for Velociraptor ☆45 · Updated this week
- Case_Notes.py is a cross-platform (Windows, macOS, and Linux) Python script to help make the documentation process easier. ☆26 · Updated last year
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… ☆101 · Updated 5 months ago