Jan Starke's repositories
ntdsextract2
This aims to be a collection of tools to forensically analyze Active Directory databases
mft2bodyfile
Parses an $MFT file to bodyfile
forensic-scripts
Collection of useful forensic scripts
es4forensics
⛔️ DEPRECATED: Use https://github.com/dfir-dd/dfir-toolkit instead
evtx2bodyfile
Parses a lot of evtx files and prints a bodyfile
clap-markdown-dfir
Autogenerate Markdown documentation for clap command-line tools (forked from ConnorGray/clap-markdown)
dfir-esedb
A library to allow forensic analysis of EseDB files
evtx
A Fast (and safe) parser for the Windows XML Event Log (EVTX) format
csvlens
Command line CSV viewer
dfir-timeline
Library for the creation of DFIR timelines
dissect.target
The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
flow.record
Recordization library
libesedb
Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
liblnk
Library and tools to access the Windows Shortcut File (LNK) format
lnk-rs
A Rust library for parsing and writing MS Shell Links (shortcuts, *.lnk)
memoverlay
Puts a writable layer of bytes over some byte stream
pol_export
⛔️ DEPRECATED: Use https://github.com/dfir-dd/dfir-toolkit instead
sleuthkit
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
zip-old
Zip implementation in Rust