AmgdGocha / DriveFS-Sleuth
DriveFS Sleuth is a Python tool that automates the investigation of Google Drive File Stream disk artifacts. The tool was developed from research performed by mounting different scenarios and recording the resulting changes to the Google Drive File Stream disk artifacts.
☆81 · Updated 5 months ago
Alternatives and similar repositories for DriveFS-Sleuth
Users interested in DriveFS-Sleuth are comparing it to the repositories listed below.
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub ☆75 · Updated last year
- Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) ☆69 · Updated last year
- (no description) ☆68 · Updated 5 months ago
- USN Journal full path builder ☆60 · Updated 8 months ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. ☆109 · Updated last year
- Digital Forensics Artifacts Knowledge Base ☆81 · Updated last year
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc… ☆56 · Updated last month
- Forensic tool for acquisition, triage and analysis of remote block devices via the iSCSI protocol. ☆39 · Updated 7 months ago
- (no description) ☆52 · Updated this week
- Windows Forensics Environment Builder ☆145 · Updated last week
- Python script to walk a folder or a zip file for SQLite databases ☆38 · Updated last year
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates… ☆64 · Updated 2 months ago
- Project based on RegRipper, to extract additional value/pivot points from a TLN events file ☆85 · Updated 3 months ago
- acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container. ☆103 · Updated 2 weeks ago
- Incident Response documents and tooling ☆74 · Updated last year
- A hex viewer for the sleuths! ☆20 · Updated last month
- Parses USB connection artifacts from offline Registry hives ☆99 · Updated 4 months ago
- The Threat Actor Profile Guide for CTI Analysts ☆107 · Updated last year
- Remote access and Antivirus Logging Database ☆42 · Updated last year
- Chrome Logs Events and Protobuf Parser ☆39 · Updated 2 years ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. ☆96 · Updated 2 years ago
- Case_Notes.py is a cross-platform (Windows, macOS, & Linux) Python script to help make the documentation process easier. ☆26 · Updated last year
- A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts ☆64 · Updated 6 months ago
- Harness the power of Splunk for your investigations ☆107 · Updated this week
- Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey! ☆46 · Updated 8 months ago
- A curated list of KAPE-related resources ☆168 · Updated last month
- SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w… ☆52 · Updated 6 months ago
- A toolkit for the post-mortem examination of Docker containers from forensic HDD copies ☆101 · Updated last year
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency of occurrence / data stacking analysis on mu… ☆54 · Updated last year
- (no description) ☆7 · Updated 7 months ago