A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
Updated Oct 5, 2023 - Rich Text Format
Point it at disk + memory evidence; get a correlated, ATT&CK-mapped attack timeline. Rust DFIR orchestrator: one command ingests E01/EWF/VMDK/raw + memory dumps, parses NTFS/registry/EVTX/prefetch/LNK/SRUM/browser/Amcache + memory (processes, netstat, injection), correlates into a DuckDB super-timeline, scans threat-intel, and reports.
🕵️‍♂️ Unlock the story hidden in data - Your digital investigation partner. TheSleuthKit (TSK) Python Wrapper.
Practical labs, case studies, and investigation notes for CHFI v11 — covering digital forensics, malware forensics, incident response, evidence collection, and analysis tools.
High-performance cross-platform disk space analyzer (WinDirStat alternative) built with Java 21 & Compose Desktop. Features parallel ForkJoinPool I/O scanning & GPU-accelerated Canvas Treemaps.
Complete digital forensic investigation of the M57-Jean dataset with documented methodology, findings, and forensic report.
Certificate repository for the "Intro to DFIR: Divide & Conquer" course by SleuthKitLabs - containing notes, labs, operations guides, and completion certificate.
Digital Forensics & Pro Hacker — Complete Mastery Guide
DFIR-oriented CTF write-ups covering disk, memory, and artifact-based analysis using various tools and techniques
A Digital Forensics Toolkit
Swift Package for mounting forensic and general-purpose disk images on macOS.
Recover deleted files from raw disk images using The Sleuth Kit. Supports filtering, checksums, dry runs, JSON reports, and forensic workflows.
Forensic MBR analyzer: graded anomaly findings (structural, gap/slack carving, wipe & bootkit detection, CHS/LBA & GPT/VBR cross-checks) on a pure read-only MBR parser — Rust crates mbr-partition-forensic + mbr-partition-core
FAEP is an automated tool to extract and parse forensic artifacts from .E01 images automatically, with a clean GUI and minimal manual effort.
Blazing-fast binary scanner for locating patterns and filesystem structures in raw disk images and devices
From-scratch NTFS reader (ntfs-core: MFT, attributes, indexes, data runs, LZNT1, $UsnJrnl:$J change journal over Read+Seek) plus a graded anomaly auditor (ntfs-forensic: timestomping, alternate data streams, deleted records, MFT/LogFile tamper checks) — panic-free, fuzzed, no unsafe