Yogesh Khatri (@swiftforensics)'s repositories
MacForensics
Scripts to process macOS forensic artifacts
spotlight_parser
Read and extract data from macOS Spotlight databases
UnifiedLogReader
A parser for Unified logging tracev3 files
blackboxprotobuf
Blackbox protobuf is a library for decoding and modifying arbitrary protobuf messages without the protobuf type definition.
nska_deserialize
NSKeyedArchive plist deserializer
pyliblzfse
Python bindings for LZFSE
Presentations
Slides and material from my conference presentations
Appx-Analysis
Scripts and tools created for the appx analysis talk (Magnet Summit 2019)
spotlight_queries
Queries for a parsed Spotlight database in SQLite
Android-Usagestats-XML-Parser
Android Usagestats XML Parser
dissect.esedb
A Dissect module implementing a parser for Microsoft's Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.
go-ntfs
An NTFS file parser in Go
iLEAPP
iOS Logs, Events, And Plists Parser
pylzfse
For the latest, go to https://github.com/ydkhatri/pyliblzfse. This project is old and unused now.
velociraptor-docs
Documentation site for Velociraptor