libyal / libvshadowLinks
Library and tools to access the Volume Shadow Snapshot (VSS) format
☆113Updated last year
Alternatives and similar repositories for libvshadow
Users that are interested in libvshadow are comparing it to the libraries listed below
Sorting:
- Checks with NSRL RDS servers looking for for hash matches☆114Updated 4 years ago
- Tool suite for inspecting NTFS artifacts.☆225Updated last year
- Yet another registry parser☆136Updated 3 years ago
- Command line utility and Python package to ease the (un)mounting of forensic disk images☆124Updated 2 years ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆114Updated 9 months ago
- An NTFS journal parser☆83Updated 9 years ago
- Python library for parsing AccessData AD1 images☆33Updated 2 years ago
- A better strings utility!☆142Updated last month
- Digital Forensics Windows Registry (dfWinReg)☆52Updated last week
- Open source Python library for NTFS analysis☆82Updated 7 years ago
- Digital Forensics Virtual File System (dfVFS)☆213Updated last week
- Python bindings for The Sleuth Kit (libtsk)☆108Updated last month
- Yet another library library (and tools)☆213Updated last month
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆199Updated 7 months ago
- An AFF4 C++ implementation.☆211Updated 2 years ago
- Command line access to the Registry☆157Updated last week
- Extract compressed memory pages from page-aligned data☆46Updated 7 years ago
- Parser for $UsnJrnl on NTFS☆117Updated 2 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆120Updated last year
- Comae Hibernation File Decompressor☆155Updated 2 years ago
- Network Block Device Server for windows with a DFIR/forensic focus.☆98Updated 8 years ago
- Example programs used in the automating DFIR series☆63Updated 6 years ago
- Regipy is an os independent python library for parsing offline registry hives☆262Updated last week
- PE Import Hash Generator☆79Updated 8 years ago
- ☆83Updated 2 years ago
- Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.☆83Updated last year
- Extract common Windows artifacts from source images and VSCs☆65Updated 4 years ago
- Python bindings for https://github.com/omerbenamram/evtx/☆52Updated 8 months ago
- Parser for $LogFile on NTFS☆205Updated 4 months ago
- A modern Python-3-based alternative to RegRipper☆197Updated 6 months ago