Profile of fox-it

flow.record

Last released May 17, 2026

A library for defining and creating structured data (called records) that can be streamed to disk or piped to other tools that use flow.record

This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)

acquire

Last released May 11, 2026

A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container

dissect.database

Last released May 8, 2026

A Dissect module implementing parsers for various database formats, including Berkeley DB, Microsofts Extensible Storage Engine (ESE) and SQLite3

dissect.cstruct

Last released Apr 29, 2026

A Dissect module implementing a parser for C-like structures: structure parsing in Python made easy

dissect.eventlog

Last released Apr 29, 2026

A Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats

dissect.hypervisor

Last released Apr 28, 2026

A Dissect module implementing parsers for various hypervisor disk, backup and configuration files

dissect.util

Last released Apr 9, 2026

A Dissect module implementing various utility functions for the other Dissect modules

dissect.volume

Last released Apr 8, 2026

A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR

dissect.qnxfs

Last released Mar 30, 2026

A Dissect module implementing a parser for the QNX4 and QNX6 file systems, commonly used in the QNX RTOS.

dissect.apfs

Last released Mar 30, 2026

A Dissect module implementing a parser for the APFS file system, a commonly used Apple file system

dissect.shellitem

Last released Mar 30, 2026

A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows

dissect.regf

Last released Mar 30, 2026

A Dissect module implementing a parser for Windows registry file format, used to store application and OS configuration on Windows operating systems

dissect.ntfs

Last released Mar 27, 2026

A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system

dissect.squashfs

Last released Mar 27, 2026

A Dissect module implementing a parser for the SquashFS file system, commonly used in appliance or device firmware

dissect.thumbcache

Last released Mar 27, 2026

A Dissect module implementing parsers for the thumbcache of Windows systems.

dissect.ole

Last released Mar 27, 2026

A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems

dissect.fve

Last released Mar 27, 2026

A Dissect module implementing a parsers for full volume encryption implementations, currently Linux Unified Key Setup (LUKS1 and LUKS2) and Microsoft's Bitlocker Disk Encryption

dissect.xfs

Last released Mar 27, 2026

A Dissect module implementing a parser for the XFS file system, commonly used by RedHat Linux distributions

dissect.jffs

Last released Mar 27, 2026

A Dissect module implementing a parser for the JFFS2 file system, commonly used by router operating systems

dissect.evidence

Last released Mar 27, 2026

A Dissect module implementing a parsers for various forensic evidence file containers, currently: AD1, ASDF and EWF

dissect.executable

Last released Mar 27, 2026

A Dissect module implementing a parsers for various executable formats such as PE, ELF and Macho-O

dissect.fat

Last released Mar 27, 2026

A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions

dissect.ffs

Last released Mar 26, 2026

A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems

dissect.extfs

Last released Mar 26, 2026

A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems

dissect.vmfs

Last released Mar 24, 2026

A Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software

dissect.etl

Last released Mar 24, 2026

A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events

dissect.cramfs

Last released Mar 23, 2026

A Dissect module implementing a parser for the Cram file system, commonly used in appliance or device firmware

dissect.clfs

Last released Mar 23, 2026

A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows

dissect.archive

Last released Mar 23, 2026

A Dissect module implementing parsers for various archive and backup formats

dissect.cim

Last released Mar 20, 2026

A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system

dissect.btrfs

Last released Mar 19, 2026

A Dissect module implementing a parser for the Btrfs file system, a commonly used Linux filesystem.

dissect

Last released Feb 25, 2026

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group)

dissect.esedb

Last released Nov 20, 2025

Superseded by dissect.database. A Dissect module implementing a parser for Microsofts Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update

dissect.sql

Last released Nov 20, 2025

Superseded by dissect.database. A Dissect module implementing a parsers for the SQLite database file format, commonly used by applications to store configuration data