libyal / libvshadowLinks
Library and tools to access the Volume Shadow Snapshot (VSS) format
☆113Updated 11 months ago
Alternatives and similar repositories for libvshadow
Users that are interested in libvshadow are comparing it to the libraries listed below
Sorting:
- An NTFS journal parser☆82Updated 9 years ago
- Tool suite for inspecting NTFS artifacts.☆223Updated last year
- Checks with NSRL RDS servers looking for for hash matches☆114Updated 4 years ago
- Command line utility and Python package to ease the (un)mounting of forensic disk images☆124Updated 2 years ago
- Open source Python library for NTFS analysis☆81Updated 7 years ago
- A better strings utility!☆136Updated last month
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆114Updated 6 months ago
- Yet another registry parser☆133Updated 3 years ago
- Network Block Device Server for windows with a DFIR/forensic focus.☆98Updated 8 years ago
- Python library for parsing AccessData AD1 images☆33Updated 2 years ago
- Tool to extract the $UsnJrnl from an NTFS volume☆107Updated 6 years ago
- Parser for $UsnJrnl on NTFS☆111Updated 2 years ago
- AuditParser☆60Updated 11 years ago
- Windows registry samples☆24Updated 6 years ago
- Digital Forensics Windows Registry (dfWinReg)☆52Updated last week
- Digital Forensics Virtual File System (dfVFS)☆210Updated last week
- Python bindings for https://github.com/omerbenamram/evtx/☆50Updated 5 months ago
- Decode security descriptors in $Secure on NTFS☆20Updated 3 years ago
- Example programs used in the automating DFIR series☆63Updated 6 years ago
- Parser for $LogFile on NTFS☆198Updated 2 months ago
- Extract compressed memory pages from page-aligned data☆46Updated 6 years ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆195Updated 4 months ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 4 years ago
- Python script for extracting USB information from Windows registry hives☆128Updated 5 years ago
- Command line access to the Registry☆153Updated last week
- PE Import Hash Generator☆80Updated 8 years ago
- An AFF4 C++ implementation.☆206Updated 2 years ago
- Static analysis tools for Microsoft Office Open XML files and documents☆70Updated 7 years ago
- Community modules for FAME☆65Updated 6 months ago
- A fork of The Sleuthkit with Pooled Storage and APFS support. See https://www.youtube.com/watch?v=k1XPillJ7aw for more info and usage.☆26Updated 5 years ago