msuhanov

regf

Windows registry file format specification

dfir_ntfs

An NTFS/FAT parser for digital forensics & incident response

Linux-write-blocker

The kernel patch and userspace tools to enable Linux software write blocking

yarp

Yet another registry parser

winmem_decompress

Extract compressed memory pages from page-aligned data

ntfs-samples

NTFS samples

regf-samples

Windows registry samples

registry-miner

Registry Miner

grub-unlzma

Locate and extract a compressed core image within a bootable image of GRUB

articles

grub-raiddump

The GRUB command to acquire the contents of a fake RAID

sleuthkit

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

winbootpath

Boot path verification for Windows on read-only media

autopsy-2.24-patch

The patch for Autopsy 2.24 to fix issues with TSK 4.1.3

dosfstools

dosfstools consists of the programs mkfs.fat, fsck.fat and fatlabel to create, check and label file systems of the FAT family.

ntfs-3g

NTFS-3G Safe Read/Write NTFS Driver