DriveFS Sleuth is a Python tool that automates the investigation of Google Drive File Stream disk artifacts. It was developed from research that staged different scenarios and recorded the resulting changes in the Google Drive File Stream disk artifacts.
☆87 | Dec 20, 2024 | Updated last year
Alternatives and similar repositories for DriveFS-Sleuth
Users that are interested in DriveFS-Sleuth are comparing it to the libraries listed below
- ☆24 | Mar 12, 2025 | Updated 11 months ago
- Google Filestream Forensic Tool ☆22 | Mar 10, 2022 | Updated 3 years ago
- A repository of output using KAPE (!EZParser Module) for various publicly available forensic images! ☆17 | Aug 31, 2024 | Updated last year
- mister-skinnylegs is an open plugin framework for parsing website/webapp artifacts in browser data. It currently provides a command line … ☆18 | Nov 14, 2025 | Updated 3 months ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom. ☆12 | Aug 26, 2024 | Updated last year
- Python web app for previewing data in a Chrome Profile Folder ☆23 | Jul 1, 2024 | Updated last year
- Fork this repo! Do a Pull Request! As many times as you want! Learn the ins and outs of how to contribute to GitHub! Make your mistakes h… ☆14 | Jun 21, 2024 | Updated last year
- A tool for fetching DFIR and other GitHub tools. ☆25 | Aug 2, 2025 | Updated 6 months ago
- A hex viewer for the sleuths! ☆20 | Nov 7, 2025 | Updated 3 months ago
- Automatic, fast parsing of browser artifacts ☆17 | Jan 4, 2025 | Updated last year
- Search datasets for Bitlocker recovery files and triage live systems for Bitlocker keys. ☆51 | Jan 26, 2025 | Updated last year
- Forensic cheatsheets for use with cheat ☆15 | Dec 2, 2021 | Updated 4 years ago
- StickyParser - Sticky Notes Forensic. A Windows Sticky Notes Parser (snt and plum.sqlite supported). Additional Feature: SQLite Recovery … ☆20 | Jul 18, 2023 | Updated 2 years ago
- Parses RecentFileCacheParser.bcf files ☆30 | Feb 2, 2025 | Updated last year
- Carve $MFT records from a chunk of data (for instance a memory dump) ☆16 | Aug 21, 2016 | Updated 9 years ago
- A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P… ☆27 | Jan 2, 2023 | Updated 3 years ago
- ☆61 | Jan 28, 2026 | Updated last month
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db. ☆43 | Jul 18, 2022 | Updated 3 years ago
- FileSigExtractor is a Python-based tool which extracts the file signatures of all files within a directory and writes the output to a CSV… ☆10 | Jul 15, 2023 | Updated 2 years ago
- A simple Python script to generate nested folders based on user input. The script will also name and place a template report document and… ☆11 | Jun 19, 2025 | Updated 8 months ago
- USN Journal full path builder ☆65 | Sep 16, 2024 | Updated last year
- This is to edit a training forensic image file (raw/dd) and zero out all the unnecessary files. ☆11 | Jun 21, 2025 | Updated 8 months ago
- Slack Parser is a script to parse the Slack database and extract user data, chat history, and workspace information ☆16 | Feb 21, 2021 | Updated 5 years ago
- Scripts for ready-to-use Velociraptor instance deployment in Azure ☆14 | Jun 27, 2023 | Updated 2 years ago
- /ˈhäjˌpäj/ "a confused mixture." ☆13 | Feb 21, 2026 | Updated last week
- Collection of SQL query templates for digital forensics use by platform and application. ☆112 | Apr 17, 2021 | Updated 4 years ago
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis. ☆32 | Nov 16, 2023 | Updated 2 years ago
- C# Library and research notes for Windows 11 Notepad State Files ☆28 | Oct 30, 2025 | Updated 4 months ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a… ☆229 | Jan 6, 2026 | Updated last month
- ☆75 | Mar 19, 2025 | Updated 11 months ago
- Automation tool for Windows Deception Host Burn-In ☆86 | Dec 4, 2024 | Updated last year
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE) ☆196 | Feb 16, 2023 | Updated 3 years ago
- Forensic Artifact Collection Tool for macOS ☆118 | Jul 28, 2025 | Updated 7 months ago
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… ☆110 | Feb 6, 2026 | Updated 3 weeks ago
- Plugins for parsing CSV files in Timeline Explorer. This project allows for anyone to add more supported files (i.e. they get a Line #/ta… ☆30 | May 5, 2025 | Updated 9 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems ☆78 | Jan 9, 2024 | Updated 2 years ago
- Carve file metadata from NTFS index ($I30) attributes ☆71 | Feb 3, 2024 | Updated 2 years ago
- Vault of Windows Registry forensic artifacts ☆28 | Nov 12, 2025 | Updated 3 months ago
- Chrome/Chromium Forensic Tool: Parses History, Visited Links, Downloaded Files and Cache ☆20 | Feb 4, 2024 | Updated 2 years ago