Get-ForensicUsnJrnl cmdlet
..parses the $UsnJrnl file or NTFS change journal. The UsnJrnl is responsible for keeping track of file system operations such as file creation, deletion, and truncation. During an investigation I...
jschicht/ExtractUsnJrnl
The change journal on NTFS is a file found at \$Extend\$UsnJrnl. It is a system metafile that is not possible to find in a normal dir listing, or even possible to by regular means. The relevant data is...
WhatsApp Forensic
User-friendly Django project for data interpretation and charting of message activity from WhatsApp records.
Elcomsoft Explorer for WhatsApp
Acquire and analyze WhatsApp communication histories from multiple sources. Extract WhatsApp databases from Android phones with and without root access, download WhatsApp backups from Google Drive and...
WhatsApp Forensics Plus
The WhatsApp Forensics Plus is the newest addition to our great line of cellphone forensics tools. With the ability to recover lost and deleted WhatsApp chat history, as well as retrieve existing...
B16f00t/whapa
Whapa is a WhatsApp database parser that automates the process. The main purpose of whapa is to present the data handled by the SQLite database in a way that is comprehensible to the analyst. The...
CQRDCache
https://cqureacademy.com/blog/forensics/what-to-do-after-hack-5-unusual-places-where-you-can-find-evidence Password: CQUREAcademy#123!
CQPrefetchParser
CQPrefetchParser takes as a parameter a prefetch file to analyze. https://cqureacademy.com/blog/forensics/what-to-do-after-hack-5-unusual-places-where-you-can-find-evidence Password: CQUREAcademy#123!
Eric Zimmerman SDB Explorer
SDB Explorer is a GUI program that allows for interacting with Microsoft Shim databases.
PowerGREP
PowerGREP provides you with the tools and options you need for detailed and successful audits and forensic analysis.
AstroGrep
AstroGrep is a Microsoft Windows GUI file searching (grep) utility. Its features include regular expressions, versatile printing options, storage of the most recently used paths, and a "context" feature...
RegexBuddy
RegexBuddy offers all the functionality you'd expect from a basic GREP tool. Built on the same technology as our top-of-the-line Windows GREP tool PowerGREP, RegexBuddy outclasses many stand-alone GREP...
GNU Grep
Grep searches one or more input files for lines containing a match to a specified pattern. By default, Grep outputs the matching lines.
grepwin
grepWin is a simple search and replace tool which can use regular expressions to do its job. This allows much more powerful searches and replaces.