Enscript - setupapi.dev.log
This EnCase EnScript was written to parse the Vista/7 'setupapi.dev.log' for USB events. This log contains a lot of information about hardware events, including when USB devices are attached and can be...
View Articledjacobs24/Windows-7-SetupAPI-Parser
This is a Python 3 script that parses a Windows 7 setupapi.dev.log file for USB device install dates. It also searches http://www.linux-usb.org/usb.ids for the vendor and product ID of the USB devices...
View ArticleMft2Csv
This tool is for parsing, decoding and logging information from the Master File Table ($MFT) to a csv. It is logging a large amount of data and that has been the main purpose from the very start....
View ArticleMFTDump Forensic Tool
The tool is designed for forensic examiners and incident responders who need a quick method to extract and examine file metadata from an NTFS volume.
View ArticleINDXParse
INDXParse is a suite of tools forensic investigators can use to inspect NTFS artifacts. Although INDXParse was once a single tool for working with directory index entries, the project now includes many...
View ArticleMFT Ripper PE
MFT Ripper PE is a program that will decode a Master File Table (MFT) file and output the results to a Comma Separated Value (CSV) file. This program was designed to augment traditional forensic...
View Articlefamavott/osint-scraper
This application locates and compiles information about online personalities, given a username and/or email address. Use this to investigate your own online presence, summarize the digital footprint of...
View Articlehttp://www.osintframework.com/
OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer...
View ArticleIntelTechniques
The most outstanding OSINT search tools I have ever seen. - Brett Shavers
View Articlelibyal/libbde
libbde is a library to access the BitLocker Drive Encryption (BDE) format. BitLocker Drive Encryption (BDE) is a volume-based encryption method used by Microsoft Windows, as of Vista, to encrypt data...
View ArticleSalvation Data - Data Recovery System
SalvationDATA is widely known as the famous data recovery and digital forensics solution provider among the world. In 2013, SalvationDATA has established its wholly owned subsidiary Sichuan Masterpiece...
View ArticleSalvation Data - Smartphone Forensic Triage Acquistion
SPA (SmartPhone Forensic Triage Acquisition) is an easy to use mobile data acquisition and triage software for forensically sound on-scene collection. SPA allows Investigators acquire and triage the...
View ArticleSalvation Data - Video Investigation Portable
VIP (Video Investigation Portable) is a forensically sound system for video extraction, recovery and analysis from CCTV DVRs of video surveillance system during investigations. Through VIP, it helps...
View ArticleSalvation Data Smartphone Forensic System
SPF (SmartPhone Forensic System) is a forensically sound system for acquiring, recovering, analyzing and triage data from mobile devices such as Android phone, tablets, iPhone&iPad. The system is a...
View ArticleSalvation Data - Data Recovery System
DRS (Data Recovery System) is the next generation intelligent all-in-one forensic data recovery tool which can help you acquire and recover data from both good and damaged storage media like HDD simply...
View ArticleEnScript NTFS $UsnJrnl Parser
This script parses records contained in the $J data stream of the $UsnJrnl file.
View Article$UsnJrnl Viewer
OSForensics™ includes an $UsnJrnl viewer that parses and displays the log records stored in the NTFS $UsnJrnl volume change journal. This information is useful for identifying suspect files (eg....
View Article