AmgdGocha / DriveFS-Sleuth
DriveFS Sleuth is a Python tool that automates investigating Google Drive File Stream disk artifacts. The tool was developed based on research performed by mounting different scenarios and noting the changes in the Google Drive File Stream disk artifacts.
☆86 Updated 11 months ago
Alternatives and similar repositories for DriveFS-Sleuth
Users that are interested in DriveFS-Sleuth are comparing it to the libraries listed below
- A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and rea… ☆112 Updated 3 weeks ago
- ☆68 Updated 2 weeks ago
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub ☆85 Updated 4 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file ☆88 Updated 10 months ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) ☆67 Updated 2 years ago
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc… ☆59 Updated 5 months ago
- Carve file metadata from NTFS index ($I30) attributes ☆72 Updated last year
- ☆56 Updated 5 months ago
- Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol. ☆43 Updated last year
- USN Journal full path builder ☆62 Updated last year
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency of occurrence / data stacking analysis on mu… ☆56 Updated 2 years ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene… ☆96 Updated 2 weeks ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. ☆104 Updated 3 years ago
- Python script to walk a folder or a zip file for SQLite Databases ☆37 Updated 2 years ago
- Remote access and Antivirus Logging Database ☆44 Updated last year
- Plugins for parsing CSV files in Timeline Explorer. This project allows for anyone to add more supported files (i.e. they get a Line #/ta… ☆28 Updated 7 months ago
- Parses USB connection artifacts from offline Registry hives ☆105 Updated 5 months ago
- PowerShell scripts for running Magnet RESPONSE forensic collection tool in large enterprises. ☆29 Updated 11 months ago
- Recycle bin artifact parser ☆57 Updated 10 months ago
- Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey! ☆49 Updated last year
- Windows Forensics Environment Builder ☆167 Updated last week
- A simple script to read the contents of a zip/tar/folder and extract metadata ☆20 Updated 2 months ago
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… ☆108 Updated last year
- A curated list of KAPE-related resources ☆177 Updated 7 months ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. ☆116 Updated 2 years ago
- Digital Forensics Artifacts Knowledge Base ☆88 Updated 2 weeks ago
- macOS Artifacts ☆33 Updated 9 months ago
- A tool for fetching DFIR and other GitHub tools. ☆24 Updated 4 months ago
- Documentation repository ☆45 Updated last year
- Documentation site for Velociraptor ☆55 Updated last week