AmgdGocha / DriveFS-Sleuth
DriveFS Sleuth is a Python tool that automates the investigation of Google Drive File Stream disk artifacts. The tool was developed from research performed by reproducing different scenarios and recording the resulting changes in the Google Drive File Stream disk artifacts.
☆85, updated 8 months ago
Alternatives and similar repositories for DriveFS-Sleuth
Users that are interested in DriveFS-Sleuth are comparing it to the libraries listed below
- A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and rea… ☆102, updated last week
- Digital Forensics Artifacts Knowledge Base ☆86, updated last year
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc… ☆57, updated 2 months ago
- Forensic tool for acquisition, triage and analysis of remote block devices via the iSCSI protocol. ☆42, updated 10 months ago
- Python script to walk a folder or a zip file for SQLite databases ☆37, updated last year
- Remote access and antivirus logging database ☆42, updated last year
- A tool for fetching DFIR and other GitHub tools. ☆24, updated last month
- Parses USB connection artifacts from offline Registry hives ☆101, updated 3 months ago
- A curated list of KAPE-related resources ☆174, updated 4 months ago
- Windows Forensics Environment Builder ☆156, updated 2 months ago
- Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) ☆69, updated 2 years ago
- USN Journal full path builder ☆61, updated last year
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file ☆88, updated 7 months ago
- A simple script to read the contents of a zip/tar/folder and extract metadata ☆21, updated 5 months ago
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub ☆80, updated last month
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency of occurrence / data stacking analysis on mu… ☆54, updated 2 years ago
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis. ☆32, updated last year
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. ☆101, updated 2 years ago
- Carve file metadata from NTFS index ($I30) attributes ☆70, updated last year
- Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey! ☆47, updated 11 months ago
- PowerShell scripts for running the Magnet RESPONSE forensic collection tool in large enterprises. ☆28, updated 8 months ago
- Search datasets for BitLocker recovery files and triage live systems for BitLocker keys. ☆47, updated 7 months ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene… ☆87, updated last week
- acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container. ☆108, updated last week
- macOS Artifacts ☆31, updated 6 months ago
- Recycle bin artifact parser ☆52, updated 7 months ago
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… ☆109, updated 11 months ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. ☆113, updated last year