A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
Point it at disk + memory evidence; get a correlated, ATT&CK-mapped attack timeline. Rust DFIR orchestrator: one command ingests E01/EWF/VMDK/raw + memory dumps, parses NTFS/registry/EVTX/prefetch/LNK/SRUM/browser/Amcache + memory (processes, netstat, injection), correlates into a DuckDB super-timeline, scans threat-intel, and reports.
🕵️♂️ Unlock the story hidden in data - Your digital investigation partner. TheSleuthKit (TSK) Python Wrapper.
High-performance cross-platform disk space analyzer (WinDirStat alternative) built with Java 21 & Compose Desktop. Features parallel ForkJoinPool I/O scanning & GPU-accelerated Canvas Treemaps.
Practical labs, case studies, and investigation notes for CHFI v11 — covering digital forensics, malware forensics, incident response, evidence collection, and analysis tools.
Certificate repository for the "Intro to DFIR: Divide & Conquer" course by SleuthKitLabs - containing notes, labs, operations guides, and completion certificate.
A Digital Forensics Toolkit
DFIR-oriented CTF write-ups covering disk, memory, and artifact-based analysis using various tools and techniques
Swift Package for mounting forensic and general-purpose disk images on macOS.
Recover deleted files from raw disk images using The Sleuth Kit. Supports filtering, checksums, dry runs, JSON reports, and forensic workflows.
FAEP is an automated tool to extract and parse forensic artifacts from .E01 images automatically, with a clean GUI and minimal manual effort.
Forensic MBR analyzer: graded anomaly findings (structural, gap/slack carving, wipe & bootkit detection, CHS/LBA & GPT/VBR cross-checks) on a pure read-only MBR parser — Rust crates mbr-partition-forensic + mbr-partition-core
Blazing-fast binary scanner for locating patterns and filesystem structures in raw disk images and devices
From-scratch NTFS reader (ntfs-core: MFT, attributes, indexes, data runs, LZNT1, $UsnJrnl:$J change journal over Read+Seek) plus a graded anomaly auditor (ntfs-forensic: timestomping, alternate data streams, deleted records, MFT/LogFile tamper checks) — panic-free, fuzzed, no unsafe
Add a description, image, and links to the disk-forensics topic page so that developers can more easily learn about it.
To associate your repository with the disk-forensics topic, visit your repo's landing page and select "manage topics."