57 projects
acquire
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
dissect.volume
A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR
dissect.target
This module ties all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
dissect.vmfs
A Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software
dissect.xfs
A Dissect module implementing a parser for the XFS file system, commonly used by Red Hat Linux distributions
dissect.squashfs
A Dissect module implementing a parser for the SquashFS file system, commonly used in appliance or device firmware
dissect.ntfs
A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system
dissect.fat
A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions
dissect.ffs
A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems
dissect.btrfs
A Dissect module implementing a parser for the Btrfs file system, a commonly used Linux filesystem.
dissect.extfs
A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems
dissect.hypervisor
A Dissect module implementing parsers for various hypervisor disk, backup and configuration files
dissect.cstruct
A Dissect module implementing a parser for C-like structures: structure parsing in Python made easy
dissect.util
A Dissect module implementing various utility functions for the other Dissect modules
dissect.cobaltstrike
A Python library for dissecting Cobalt Strike related data
flow.record
A library for defining and creating structured data (called records) that can be streamed to disk or piped to other tools that use flow.record
dissect
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group)
dissect.shellitem
A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows
dissect.sql
A Dissect module implementing a parser for the SQLite database file format, commonly used by applications to store configuration data
dissect.thumbcache
A Dissect module implementing parsers for the thumbcache of Windows systems.
dissect.esedb
A Dissect module implementing a parser for Microsoft's Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update
dissect.regf
A Dissect module implementing a parser for the Windows registry file format, used to store application and OS configuration on Windows operating systems
dissect.ole
A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems
dissect.jffs
A Dissect module implementing a parser for the JFFS2 file system, commonly used by router operating systems
dissect.executable
A Dissect module implementing parsers for various executable formats such as PE, ELF and Mach-O
dissect.evidence
A Dissect module implementing parsers for various forensic evidence file containers, currently: AD1, ASDF and EWF
dissect.eventlog
A Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats
dissect.etl
A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events
dissect.clfs
A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows
dissect.cim
A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system
dissect.archive
A Dissect module implementing parsers for various archive and backup formats
dissect.contrib
This project is a meta package: it reserves the namespace for Dissect packages made by external contributors
skrapa
Minimal Python memory scraper with memory attributes support
dissect.qnxfs
Placeholder for future Dissect project
foxhound
Placeholder for future Dissect project
dissect.disc
Placeholder for future Dissect project
dissect.f2fs
Placeholder for future Dissect project
dissect.ubifs
Placeholder for future Dissect project
dissect.bsddb
Placeholder for future Dissect project
dissect.fs
Placeholder for future Dissect project
flow.transport
Placeholder for future Dissect project
flow.remoting
Placeholder for future Dissect project
flow.ioc
Placeholder for future Dissect project
flow.broker
Placeholder for future Dissect project
dissect.zfs
Placeholder for future Dissect project
dissect.yaffs
Placeholder for future Dissect project
dissect.refs
Placeholder for future Dissect project
dissect.raid
Placeholder for future Dissect project
dissect.network
Placeholder for future Dissect project
dissect.memory
Placeholder for future Dissect project
dissect.fve
Placeholder for future Dissect project
dissect.container
Placeholder for future Dissect project
dissect.binary
Placeholder for future Dissect project
dissect.aufs
Placeholder for future Dissect project
dissect.apfs
Placeholder for future Dissect project
dissect.agent
Placeholder for future Dissect project
mkYARA
Generating YARA rules based on binary code