AmgdGocha / DriveFS-Sleuth
DriveFS Sleuth is a Python tool that automates the investigation of Google Drive File Stream disk artifacts. The tool was developed from research performed by mounting different scenarios and recording the resulting changes in the Google Drive File Stream disk artifacts.
☆80 · Updated 4 months ago
Alternatives and similar repositories for DriveFS-Sleuth
Users that are interested in DriveFS-Sleuth are comparing it to the libraries listed below
- Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) ☆68 · Updated last year
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub ☆73 · Updated last year
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc… ☆56 · Updated 2 weeks ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates… ☆64 · Updated last month
- ☆68 · Updated 5 months ago
- Windows Forensics Environment Builder ☆135 · Updated 4 months ago
- USN Journal full path builder ☆59 · Updated 8 months ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. ☆109 · Updated last year
- Parses USB connection artifacts from offline Registry hives ☆98 · Updated 3 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file ☆84 · Updated 3 months ago
- Python script to walk a folder or a zip file for SQLite databases ☆38 · Updated last year
- A simple script to read the contents of a zip/tar/folder and extract metadata ☆22 · Updated 3 weeks ago
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency of occurrence / data stacking analysis on mu… ☆53 · Updated last year
- Chrome Logs Events and Protobuf Parser ☆38 · Updated 2 years ago
- A hex viewer for the sleuths! ☆20 · Updated last month
- Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey! ☆45 · Updated 7 months ago
- ☆51 · Updated last week
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. ☆95 · Updated 2 years ago
- The SOLVE-IT knowledge base for digital forensics ☆30 · Updated last week
- Digital Forensics Artifacts Knowledge Base ☆81 · Updated 11 months ago
- Remote access and Antivirus Logging Database ☆42 · Updated last year
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… ☆103 · Updated 7 months ago
- A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts ☆61 · Updated 6 months ago
- A curated list of KAPE-related resources ☆167 · Updated 2 weeks ago
- A toolkit for the post-mortem examination of Docker containers from forensic HDD copies ☆99 · Updated last year
- macOS forensic acquisition made simple ☆134 · Updated last month
- Harness the power of Splunk for your investigations ☆105 · Updated this week
- A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and rea… ☆90 · Updated 10 months ago
- macOS Artifacts ☆29 · Updated 2 months ago
- A tool for fetching DFIR and other GitHub tools. ☆23 · Updated last week