Skip to content

@fox-it Fox-IT

Change the repository type filter

All

    Repositories list

    85 repositories

    • dissect.target

      Public
      The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
      Python
      GNU Affero General Public License v3.0
      545211519Updated Feb 28, 2025Feb 28, 2025

    • acquire

      Public
      acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
      Python
      GNU Affero General Public License v3.0
      3094333Updated Feb 27, 2025Feb 27, 2025

    • dissect.cstruct

      Public
      A Dissect module implementing a parser for C-like structures.
      Python
      Apache License 2.0
      184374Updated Feb 26, 2025Feb 26, 2025

    • dissect-add-on-for-splunk

      Public
      A splunk plugin that provides sourcetyping for ingestion and processing of dissect records
      GNU Affero General Public License v3.0
      1200Updated Feb 20, 2025Feb 20, 2025

    • flow.record

      Public
      Recordization library
      Python
      GNU Affero General Public License v3.0
      11752Updated Feb 20, 2025Feb 20, 2025

    • dissect.etl

      Public
      A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events.
      Python
      GNU Affero General Public License v3.0
      3230Updated Feb 19, 2025Feb 19, 2025

    • dissect.cim

      Public
      A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system.
      Python
      GNU Affero General Public License v3.0
      5510Updated Feb 19, 2025Feb 19, 2025

    • dissect-docs

      Public
      Dissect documentation project
      GNU Affero General Public License v3.0
      7711Updated Feb 18, 2025Feb 18, 2025

    • dissect.shellitem

      Public
      A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.
      Python
      GNU Affero General Public License v3.0
      3210Updated Feb 18, 2025Feb 18, 2025

    • dissect.eventlog

      Public
      A Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats.
      Python
      GNU Affero General Public License v3.0
      3640Updated Feb 18, 2025Feb 18, 2025

    • dissect.util

      Public
      A Dissect module implementing various utility functions for the other Dissect modules.
      Python
      Apache License 2.0
      7368Updated Feb 18, 2025Feb 18, 2025

    • dissect.btrfs

      Public
      A Dissect module implementing a parser for the btrfs file system.
      Python
      GNU Affero General Public License v3.0
      2120Updated Feb 17, 2025Feb 17, 2025

    • dissect.sql

      Public
      A Dissect module implementing a parsers for the SQLite database file format, commonly used by applications to store configuration data.
      Python
      GNU Affero General Public License v3.0
      6620Updated Feb 17, 2025Feb 17, 2025

    • dissect.volume

      Public
      A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.
      Python
      GNU Affero General Public License v3.0
      3301Updated Feb 13, 2025Feb 13, 2025

    • dissect-workflow-templates

      Public
      Workflow templates for the dissect projects
      3212Updated Feb 12, 2025Feb 12, 2025

    • dissect.vmfs

      Public
      Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software.
      Python
      GNU Affero General Public License v3.0
      2380Updated Jan 30, 2025Jan 30, 2025

    • dissect.esedb

      Public
      A Dissect module implementing a parser for Microsofts Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.
      Python
      Apache License 2.0
      81832Updated Jan 28, 2025Jan 28, 2025

    • dissect.squashfs

      Public
      A Dissect module implementing a parser for the SquashFS file system.
      Python
      GNU Affero General Public License v3.0
      1010Updated Jan 27, 2025Jan 27, 2025

    • dissect.xfs

      Public
      A Dissect module implementing a parser for the XFS file system, commonly used by RedHat Linux distributions.
      Python
      GNU Affero General Public License v3.0
      6220Updated Jan 24, 2025Jan 24, 2025

    • dissect.fve

      Public
      A Dissect module implementing a parsers for full volume encryption implementations, currently Microsoft's Bitlocker Disk Encryption (BDE) and Linux Unified Key Setup (LUKS1 and LUKS2).
      Python
      GNU Affero General Public License v3.0
      2300Updated Jan 24, 2025Jan 24, 2025

    • dissect.thumbcache

      Public
      A Dissect module implementing a parser for windows thumbcache.
      Python
      GNU Affero General Public License v3.0
      2100Updated Jan 24, 2025Jan 24, 2025

    • dissect.regf

      Public
      A Dissect module implementing a parser for Windows registry file format, used to store application and OS configuration on Windows operating systems.
      Python
      GNU Affero General Public License v3.0
      3311Updated Jan 23, 2025Jan 23, 2025

    • dissect.ole

      Public
      A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems.
      Python
      GNU Affero General Public License v3.0
      2300Updated Jan 23, 2025Jan 23, 2025

    • dissect.ntfs

      Public
      A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system.
      Python
      GNU Affero General Public License v3.0
      5810Updated Jan 23, 2025Jan 23, 2025

    • dissect.hypervisor

      Public
      A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.
      Python
      GNU Affero General Public License v3.0
      6500Updated Jan 23, 2025Jan 23, 2025

    • dissect.jffs

      Public
      A Dissect module implementing a parser for the JFFS2 file system, commonly used by router operating systems.
      Python
      GNU Affero General Public License v3.0
      2010Updated Jan 23, 2025Jan 23, 2025

    • dissect.evidence

      Public
      A Dissect module implementing a parsers for various forensic evidence file containers, currently: AD1, ASDF and EWF.
      Python
      GNU Affero General Public License v3.0
      3830Updated Jan 21, 2025Jan 21, 2025

    • dissect.ffs

      Public
      A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems.
      Python
      GNU Affero General Public License v3.0
      2200Updated Jan 21, 2025Jan 21, 2025

    • dissect.executable

      Public
      A Dissect module implementing parsers for various executable formats such as PE, ELF and Macho-O.
      Python
      GNU Affero General Public License v3.0
      4053Updated Jan 21, 2025Jan 21, 2025

    • dissect.extfs

      Public
      A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems.
      Python
      GNU Affero General Public License v3.0
      2100Updated Jan 21, 2025Jan 21, 2025