Skip to content

@fox-it Fox-IT

Change the repository type filter

All

    Repositories list

    84 repositories

    • dissect.target

      Public
      The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
      Python
      GNU Affero General Public License v3.0
      474411327Updated Nov 8, 2024Nov 8, 2024

    • flow.record

      Public
      Recordization library
      Python
      GNU Affero General Public License v3.0
      9754Updated Nov 8, 2024Nov 8, 2024

    • dissect-docs

      Public
      Dissect documentation project
      GNU Affero General Public License v3.0
      7703Updated Nov 7, 2024Nov 7, 2024

    • dissect.hypervisor

      Public
      A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.
      Python
      GNU Affero General Public License v3.0
      5501Updated Nov 7, 2024Nov 7, 2024

    • dissect.archive

      Public
      A Dissect module implementing parsers for various archive and backup formats.
      Python
      GNU Affero General Public License v3.0
      1010Updated Nov 7, 2024Nov 7, 2024

    • acquire

      Public
      acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
      Python
      GNU Affero General Public License v3.0
      2691284Updated Nov 5, 2024Nov 5, 2024

    • dissect.volume

      Public
      A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.
      Python
      GNU Affero General Public License v3.0
      1301Updated Nov 5, 2024Nov 5, 2024

    • dissect.fat

      Public
      A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions.
      Python
      GNU Affero General Public License v3.0
      2210Updated Nov 4, 2024Nov 4, 2024

    • dissect.util

      Public
      A Dissect module implementing various utility functions for the other Dissect modules.
      Python
      Apache License 2.0
      5334Updated Nov 4, 2024Nov 4, 2024

    • dissect.xfs

      Public
      A Dissect module implementing a parser for the XFS file system, commonly used by RedHat Linux distributions.
      Python
      GNU Affero General Public License v3.0
      4220Updated Nov 1, 2024Nov 1, 2024

    • dissect.vmfs

      Public
      Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software.
      Python
      GNU Affero General Public License v3.0
      1380Updated Nov 1, 2024Nov 1, 2024

    • dissect.jffs

      Public
      A Dissect module implementing a parser for the JFFS2 file system, commonly used by router operating systems.
      Python
      GNU Affero General Public License v3.0
      1011Updated Nov 1, 2024Nov 1, 2024

    • dissect.squashfs

      Public
      A Dissect module implementing a parser for the SquashFS file system.
      Python
      GNU Affero General Public License v3.0
      0010Updated Nov 1, 2024Nov 1, 2024

    • dissect.ntfs

      Public
      A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system.
      Python
      GNU Affero General Public License v3.0
      4810Updated Nov 1, 2024Nov 1, 2024

    • dissect.ffs

      Public
      A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems.
      Python
      GNU Affero General Public License v3.0
      1200Updated Nov 1, 2024Nov 1, 2024

    • dissect.btrfs

      Public
      A Dissect module implementing a parser for the btrfs file system.
      Python
      GNU Affero General Public License v3.0
      0120Updated Nov 1, 2024Nov 1, 2024

    • dissect.extfs

      Public
      A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems.
      Python
      GNU Affero General Public License v3.0
      1100Updated Nov 1, 2024Nov 1, 2024

    • dissect.cstruct

      Public
      A Dissect module implementing a parser for C-like structures.
      Python
      Apache License 2.0
      164083Updated Oct 27, 2024Oct 27, 2024

    • dissect-add-on-for-splunk

      Public
      A splunk plugin that provides sourcetyping for ingestion and processing of dissect records
      GNU Affero General Public License v3.0
      0100Updated Oct 15, 2024Oct 15, 2024

    • dissect.cobaltstrike

      Public
      Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
      pythonparserpcappython3beaconpypy3malleable-c2-profilecobaltstrikedissect
      Python
      MIT License
      2014610Updated Oct 15, 2024Oct 15, 2024

    • dissect-workflow-templates

      Public
      Workflow templates for the dissect projects
      1200Updated Oct 14, 2024Oct 14, 2024

    • pcap-broker

      Public
      PCAP-over-IP server written in Golang
      pcapctfnetwork-analysistcpdumpattack-defense-ctfctf-toolpcap-over-ippeecap
      Go
      Apache License 2.0
      11600Updated Oct 4, 2024Oct 4, 2024

    • dissect

      Public
      Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
      dfirdissectpython
      GNU Affero General Public License v3.0
      6492131Updated Sep 16, 2024Sep 16, 2024

    • dissect.shellitem

      Public
      A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.
      Python
      GNU Affero General Public License v3.0
      2200Updated Sep 10, 2024Sep 10, 2024

    • PyOxidizer

      Public
      A modern Python application packaging and distribution tool
      Rust
      Mozilla Public License 2.0
      239000Updated Jul 26, 2024Jul 26, 2024

    • dissect.disc

      Public
      A Dissect module implementing a parser for file systems commonly used on optical media, such as ISO9660 and several extensions.
      1001Updated Jul 23, 2024Jul 23, 2024

    • dissect.executable

      Public
      A Dissect module implementing parsers for various executable formats such as PE, ELF and Macho-O.
      Python
      GNU Affero General Public License v3.0
      2053Updated Jul 22, 2024Jul 22, 2024

    • dissect.thumbcache

      Public
      A Dissect module implementing a parser for windows thumbcache.
      Python
      GNU Affero General Public License v3.0
      1100Updated Jul 1, 2024Jul 1, 2024

    • dissect.sql

      Public
      A Dissect module implementing a parsers for the SQLite database file format, commonly used by applications to store configuration data.
      Python
      GNU Affero General Public License v3.0
      4610Updated Jul 1, 2024Jul 1, 2024

    • dissect.regf

      Public
      A Dissect module implementing a parser for Windows registry file format, used to store application and OS configuration on Windows operating systems.
      Python
      GNU Affero General Public License v3.0
      2300Updated Jul 1, 2024Jul 1, 2024