File recovery for APFS
☆162Apr 20, 2022Updated 3 years ago
Alternatives and similar repositories for afro
Users that are interested in afro are comparing it to the libraries listed below
Sorting:
- A small tool to easily mount APFS image on macOS for forensics.☆16Jul 30, 2020Updated 5 years ago
- APFS filesystem format for Kaitai Struct☆81Apr 20, 2022Updated 3 years ago
- Tools for macOS Forensic Bootable media☆15May 20, 2020Updated 5 years ago
- Mount, dump and analyze APFS volumes and containers☆40Dec 1, 2017Updated 8 years ago
- 010 template for apfs☆26Feb 26, 2021Updated 5 years ago
- Read and extract data from macOS spotlight databases☆128Dec 7, 2025Updated 2 months ago
- Utility for performing data recovery and analysis of APFS partitions/containers.☆180Jan 7, 2024Updated 2 years ago
- Slides and material from my conference presentations☆16Mar 30, 2024Updated last year
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- Python script to parse the Most Recently Used (MRU) plist files on macOS into a more human friendly format.☆108Feb 22, 2018Updated 8 years ago
- Library and tools to access the Apple File System (APFS)☆393Dec 16, 2025Updated 2 months ago
- A fork of The Sleuthkit with Pooled Storage and APFS support. See https://www.youtube.com/watch?v=k1XPillJ7aw for more info and usage.☆26Oct 27, 2019Updated 6 years ago
- Registry Miner☆14Apr 10, 2018Updated 7 years ago
- Package apfs implements an Apple File System(apfs) bindings for Go☆39Oct 11, 2021Updated 4 years ago
- It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving☆42Apr 23, 2020Updated 5 years ago
- Collection of SQL query templates for digital forensics use by platform and application.☆112Apr 17, 2021Updated 4 years ago
- macOS (& ios) Artifact Parsing Tool☆1,003Feb 26, 2026Updated last week
- ☆22Oct 3, 2019Updated 6 years ago
- Digital Forensics Virtual File System (dfVFS)☆217Feb 15, 2026Updated 2 weeks ago
- Library and tools to access the GUID Partition Table (GPT) volume system format☆11Dec 20, 2025Updated 2 months ago
- Queries for parsed spotlight database in sqlite☆13Dec 29, 2020Updated 5 years ago
- CLBX file format☆20May 13, 2021Updated 4 years ago
- Parse Manifest.mbdb files from iTunes backup directories☆20Jun 29, 2017Updated 8 years ago
- Python library for parsing AccessData AD1 images☆33Jun 1, 2023Updated 2 years ago
- Windows 10 Live Information viewer☆38Jan 27, 2022Updated 4 years ago
- A simple utility for stripping out either the SHA-1, MD5 or CRC values alone from the NSRL hash database☆14Nov 19, 2021Updated 4 years ago
- DFF (Digital Forensics Framework)☆11Jan 6, 2021Updated 5 years ago
- Mobile Shell☆17Apr 19, 2012Updated 13 years ago
- A parser for Unified logging tracev3 files☆97Jul 25, 2025Updated 7 months ago
- Python utilities related to plists☆55Oct 28, 2025Updated 4 months ago
- incident response tool for iOS devices☆51Apr 27, 2022Updated 3 years ago
- Decode security descriptors in $Secure on NTFS☆22Feb 24, 2022Updated 4 years ago
- Install Apple Binaries on SnapShot disk for Monterey 12 and Big Sur 11☆23Mar 28, 2022Updated 3 years ago
- Scripts to extract compound bplists in the iOS -> KnowledgeC.db -> structuredmetadata table.☆27May 12, 2019Updated 6 years ago
- Simple wrapper bundle to create a RamDisk on macOS☆10Jan 20, 2024Updated 2 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- Parsers for .mdf file of Microsoft SQL Server (MSSQL)☆15Mar 28, 2020Updated 5 years ago
- Scripts and tools created for appx analysis talk (Magnet summit 2019)☆19Feb 26, 2024Updated 2 years ago