libyal / libewf
Libewf is a library to access the Expert Witness Compression Format (EWF)
☆273Updated 7 months ago
Alternatives and similar repositories for libewf:
Users that are interested in libewf are comparing it to the libraries listed below
- Python bindings for The Sleuth Kit (libtsk)☆98Updated last month
- Tool suite for inspecting NTFS artifacts.☆220Updated last year
- AFF is an open and extensible file format to store disk images and associated metadata.☆86Updated 2 weeks ago
- Command line utility and Python package to ease the (un)mounting of forensic disk images☆122Updated 2 years ago
- An AFF4 C++ implementation.☆198Updated 2 years ago
- Digital Forensics Virtual File System (dfVFS)☆207Updated 3 months ago
- The kernel patch and userspace tools to enable Linux software write blocking☆139Updated 4 years ago
- Extract $MFT record info and log it to a csv file.☆269Updated 6 months ago
- Volatility plugins developed and maintained by the community☆359Updated 4 years ago
- Library and tools to access the Volume Shadow Snapshot (VSS) format☆111Updated 8 months ago
- Autopsy Python Plugins☆347Updated last year
- Parser for $LogFile on NTFS☆193Updated last year
- An NTFS/FAT parser for digital forensics & incident response☆202Updated 5 months ago
- Yet another library library (and tools)☆207Updated 3 months ago
- DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted …☆311Updated 2 months ago
- Comae Hibernation File Decompressor☆148Updated 2 years ago
- A better strings utility!☆131Updated 2 months ago
- analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multip …☆472Updated 6 months ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆192Updated last month
- A framework for orchestrating forensic collection, processing and data export☆310Updated last week
- The Python implementation of the AFF4 standard.☆45Updated 11 months ago
- Script for automating Linux memory capture and analysis☆269Updated 5 years ago
- Library and tools to access the BitLocker Drive Encryption (BDE) encrypted volumes☆232Updated 9 months ago
- Regipy is an os independent python library for parsing offline registry hives☆254Updated last week
- Pure Python parser for Windows Registry hives.☆428Updated 2 months ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆112Updated 3 months ago
- Digital Forensics artifact repository☆1,101Updated 3 months ago
- Volatility profiles for Linux and Mac OS X☆322Updated 2 years ago
- Yara integrated software to handle archive file data.☆306Updated 2 years ago
- 🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system☆284Updated 2 months ago