A lightweight, extensible forensic tool that leverages eBPF to collect real-time system events on Windows for Digital Forensics and Incident Response.

A simple tool to uncover files, directories, and connections hidden by malware.

Orion is a TCP/IP Forensics Tool, written in C, capable of detecting malicious processes / connections on windows hosts by using the VirusTotal API.

This Repository is for Live Forenisc Script

GREP for PCAP files

VirtualBox Saved State Parser (For Forensics)

JPEG the Ripper: extract JPEG files from unstructured data stream

IP statistics from PCAP files

similarity digest hashing tool -- in Rust!

A Swift Package (SPM) that wraps [libvmdk](https://github.com/libyal/libvmdk) by Joachim Metz as universal static libraries for reading VMware Virtual Machine Disk (`.vmdk`) images on macOS, with bundled mount and info tools.

A Swift Package (SPM) that wraps [libvhdi](https://github.com/libyal/libvhdi) by Joachim Metz as universal static libraries for reading Microsoft Virtual Hard Disk (`.vhd`) images on macOS, with bundled mount and info tools.

Blazing-fast binary scanner for locating patterns and filesystem structures in raw disk images and devices

A Swift Package (SPM) that wraps [libewf](https://github.com/libyal/libewf) by Joachim Metz as a universal static library for reading Expert Witness Format (EWF / EnCase) forensic disk images on macOS, with bundled mount and info tools.

An implementation of FA-SEAL: Forensically Analyzable Symmetric Encryption for Audit Logs.