libyal / libbde
Library and tools to access the BitLocker Drive Encryption (BDE) encrypted volumes
☆215Updated 2 months ago
Related projects: ⓘ
- Tool suite for inspecting NTFS artifacts.☆213Updated 10 months ago
- Comae Hibernation File Decompressor☆141Updated last year
- Library and tools to access the Volume Shadow Snapshot (VSS) format☆109Updated last month
- Windows registry file format specification☆319Updated 5 years ago
- Library and tools to access the Windows NT Registry File (REGF) format☆103Updated last month
- Library and tools to access the Windows New Technology File System (NTFS)☆186Updated 2 months ago
- Volatility Framework plugin for extracting BitLocker FVEK (Full Volume Encryption Key)☆215Updated 8 years ago
- Yet another library library (and tools)☆201Updated last week
- Parser for $LogFile on NTFS☆184Updated 9 months ago
- An AFF4 C++ implementation.☆187Updated last year
- Extract $MFT record info and log it to a csv file.☆254Updated 9 months ago
- An NTFS journal parser☆82Updated 8 years ago
- Libewf is a library to access the Expert Witness Compression Format (EWF)☆263Updated 3 weeks ago
- Arsenal Image Mounter mounts the contents of disk images as complete disks in Microsoft Windows.☆499Updated 3 weeks ago
- A better strings utility!☆119Updated last year
- AFF is an open and extensible file format to store disk images and associated metadata.☆77Updated 5 months ago
- Parser for $UsnJrnl on NTFS☆103Updated last year
- An NTFS/FAT parser for digital forensics & incident response☆189Updated last year
- analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multip…☆429Updated this week
- Commandline low level file extractor for NTFS☆272Updated 5 years ago
- Library and tools to access the Windows XML Event Log (EVTX) format☆188Updated 2 months ago
- Cross-platform, open-source shellbag parser☆149Updated last year
- ☆105Updated 2 weeks ago
- Digital Forensics Virtual File System (dfVFS)☆202Updated 4 months ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆70Updated last month
- Tool to extract the $UsnJrnl from an NTFS volume☆104Updated 5 years ago
- Full featured, offline Registry parser in C#☆218Updated 2 weeks ago
- Windows Registry Knowledge Base☆158Updated 5 months ago
- Volatility plugin to extract BitLocker Full Volume Encryption Keys (FVEK)☆62Updated 3 years ago
- A low pin count sniffer for ICEStick - targeting TPM chips☆154Updated 4 years ago