libyal / libewfLinks
Libewf is a library to access the Expert Witness Compression Format (EWF)
☆278Updated 9 months ago
Alternatives and similar repositories for libewf
Users that are interested in libewf are comparing it to the libraries listed below
Sorting:
- analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multip…☆479Updated 8 months ago
- Tool suite for inspecting NTFS artifacts.☆223Updated last year
- Python bindings for The Sleuth Kit (libtsk)☆101Updated 3 months ago
- Digital Forensics Virtual File System (dfVFS)☆210Updated 5 months ago
- An AFF4 C++ implementation.☆202Updated 2 years ago
- Autopsy Python Plugins☆356Updated 3 weeks ago
- Yet another library library (and tools)☆210Updated 5 months ago
- AFF is an open and extensible file format to store disk images and associated metadata.☆88Updated 2 months ago
- SIFT☆511Updated last year
- Extract $MFT record info and log it to a csv file.☆273Updated 8 months ago
- An NTFS/FAT parser for digital forensics & incident response☆203Updated 7 months ago
- The kernel patch and userspace tools to enable Linux software write blocking☆141Updated 5 years ago
- A framework for orchestrating forensic collection, processing and data export☆323Updated this week
- Parser for $LogFile on NTFS☆196Updated 3 weeks ago
- Command line utility and Python package to ease the (un)mounting of forensic disk images☆123Updated 2 years ago
- Script for automating Linux memory capture and analysis☆270Updated 5 years ago
- Pure Python parser for Windows Registry hives.☆430Updated 4 months ago
- Volatility profiles for Linux and Mac OS X☆324Updated 2 years ago
- Volatility plugins developed and maintained by the community☆364Updated 4 years ago
- Parser for $UsnJrnl on NTFS☆111Updated 2 years ago
- Regipy is an os independent python library for parsing offline registry hives☆257Updated 2 weeks ago
- Library and tools to access the BitLocker Drive Encryption (BDE) encrypted volumes☆234Updated 11 months ago
- Digital Forensics artifact repository☆1,129Updated 5 months ago
- Collection of forensics artifacts location for Mac OS X and iOS☆332Updated 3 years ago
- Super timeline all the things☆1,866Updated 3 weeks ago
- DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted …☆323Updated 4 months ago
- Library and tools to access the Volume Shadow Snapshot (VSS) format☆113Updated 10 months ago
- YARA Rules I come across on the internet☆341Updated last year
- Library and tools to access the Windows XML Event Log (EVTX) format☆206Updated 8 months ago
- Yara integrated software to handle archive file data.☆312Updated 3 years ago