libyal/libvshadow

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/libyal/libvshadow)

libyal / libvshadow

Library and tools to access the Volume Shadow Snapshot (VSS) format

☆113

Alternatives and similar repositories for libvshadow

Users that are interested in libvshadow are comparing it to the libraries listed below

Sorting:

jschicht / Indx2Csv
View on GitHub
An advanced parser for INDX records
☆29Aug 7, 2019Updated 6 years ago
libyal / libfsext
View on GitHub
Library and tools to access the Extended File System
☆18Feb 1, 2026Updated 3 weeks ago
msuhanov / regf-samples
View on GitHub
Windows registry samples
☆24Nov 18, 2018Updated 7 years ago
libyal / libhibr
View on GitHub
Library and tools to access the Windows Hibernation File (hiberfil.sys) format
☆13Dec 20, 2025Updated 2 months ago
4n6ist / bulk_extractor-rec
View on GitHub
It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving
☆42Apr 23, 2020Updated 5 years ago
daveherrald / SA_plaso-app-for-splunk
View on GitHub
☆16Apr 16, 2017Updated 8 years ago
dfirlabs / ntfs-specimens
View on GitHub
NTFS file system specimens
☆13Jul 3, 2023Updated 2 years ago
libyal / reviveit
View on GitHub
ReviveIT (revit) is a proof of concept file recovery tool (carver)
☆13Dec 3, 2020Updated 5 years ago
libyal / libagdb
View on GitHub
Library and tools to access the Windows SuperFetch database format
☆13Nov 29, 2025Updated 3 months ago
libyal / libvsmbr
View on GitHub
Library and tools to access the Master Boot Record (MBR) volume system format
☆14Dec 21, 2025Updated 2 months ago
libyal / libfshfs
View on GitHub
Library and tools to access the Mac OS Hierarchical File System (HFS)
☆36Jan 31, 2026Updated last month
mnrkbys / vss_carver
View on GitHub
Carves and recreates VSS catalog and store from Windows disk image.
☆99Jan 24, 2023Updated 3 years ago
libyal / libwtcdb
View on GitHub
Library and tools to access the Windows (Vista/7) Explorer thumbnail cache database format (thumbcache.db)
☆17Dec 3, 2025Updated 2 months ago
msuhanov / winmem_decompress
View on GitHub
Extract compressed memory pages from page-aligned data
☆47Sep 25, 2018Updated 7 years ago
Velocidex / go-prefetch
View on GitHub
A golang implementation of a prefetch parser.
☆20Oct 27, 2025Updated 4 months ago
matonis / page_brute
View on GitHub
Page File analysis tools.
☆131Dec 3, 2015Updated 10 years ago
MISP / PyTaxonomies
View on GitHub
Python module to use the MISP Taxonomies
☆31Feb 19, 2026Updated last week
log2timeline / dfvfs
View on GitHub
Digital Forensics Virtual File System (dfVFS)
☆217Feb 15, 2026Updated last week
williballenthin / EVTXtract
View on GitHub
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
☆208Mar 12, 2025Updated 11 months ago
libyal / libvsgpt
View on GitHub
Library and tools to access the GUID Partition Table (GPT) volume system format
☆11Dec 20, 2025Updated 2 months ago
libyal / libfole
View on GitHub
Library for Object Linking and Embedding (OLE) data types
☆12Nov 27, 2025Updated 3 months ago
OSRDrivers / tunnel
View on GitHub
Demonstrate the behavior of the tunnel cache on Windows
☆11Aug 13, 2019Updated 6 years ago
jp-slackspace / x-tension-c-sharp
View on GitHub
An updated C# port of X-Ways X-Tensions API.
☆11Mar 12, 2018Updated 7 years ago
jschicht / LogFileParser
View on GitHub
Parser for $LogFile on NTFS
☆215Jun 1, 2025Updated 8 months ago
MatthewClarkMay / fTriage
View on GitHub
Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.
☆21Mar 12, 2019Updated 6 years ago
vector-sec / DuoPusher
View on GitHub
Duo MFA auditing tool to test users' likelihood of approving unexpected push notifications
☆13Apr 20, 2018Updated 7 years ago
mbevilacqua / appcompatprocessor
View on GitHub
"Evolving AppCompat/AmCache data analysis beyond grep"
☆209Sep 15, 2021Updated 4 years ago
EricZimmerman / bstrings
View on GitHub
A better strings utility!
☆150Feb 8, 2026Updated 2 weeks ago
BechtelCIRT / beholder
View on GitHub
Beholder is a shell script which installs and configures essentials to peer into your network activity.
☆19Jun 19, 2017Updated 8 years ago
sshock / AFFLIBv3
View on GitHub
AFF is an open and extensible file format to store disk images and associated metadata.
☆91Sep 8, 2025Updated 5 months ago
sleuthkit / libewf_64bit
View on GitHub
Copy of the libewf source code that is configured for a 64-bit MS Visual Studio build.
☆17Aug 17, 2020Updated 5 years ago
tom8941 / MISP-IOC-Validator
View on GitHub
Validate IOC from MISP ; Export results and iocs to SIEM and sensors using syslog and CEF format
☆14Sep 13, 2016Updated 9 years ago
ydkhatri / Appx-Analysis
View on GitHub
Scripts and tools created for appx analysis talk (Magnet summit 2019)
☆19Feb 26, 2024Updated 2 years ago
csababarta / memory-baseliner
View on GitHub
Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…
☆55Jul 2, 2023Updated 2 years ago
log2timeline / plaso
View on GitHub
Super timeline all the things
☆2,017Feb 10, 2026Updated 2 weeks ago
mandiant / flare-wmi
View on GitHub
☆432May 3, 2023Updated 2 years ago
libyal / libolecf
View on GitHub
Library and tools to access the OLE 2 Compound File (OLECF) format
☆74Dec 21, 2025Updated 2 months ago
devgc / ElasticHandler
View on GitHub
Assorted classes and methods for indexing reports and retrieving information from an elastic index
☆21Jul 5, 2016Updated 9 years ago
ail-project / ail-feeder-telegram
View on GitHub
External telegram feeder for AIL framework
☆18Jan 21, 2026Updated last month