FAST is a distributed system for performing keyword searches against large disk images. <table cellspacing="6" border="0"> <tr><td valign="top" align="left" width="25%"> Project Management * MeetingMinutes * [Identify_and_list_challenges IdentifyAndListChallenges] * [Risk_Identificatio...

LibForensics is a library for developing digital forensics applications. Currently it is developed in pure Python. After a majority of the code has been developed and stabilized, the bottlenecks will likely be converted into C-based modules. I'm looking for people to use and test the framework....

The $USNJRNL logs changes to the NTFS file system. It will record that changes occurred to file data or metadata, but will not record the content of the changes. It is enabled by default in Vista and is optional in XP. All Windows version after XP have the capability to log changes. On systems w...

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated b...

parallel forensics model

vol2html takes output files created by Volatility and creates an html report for correlation and easier browsing. Go to Downloads to download this perl script. The script is zipped in order to preserve its integrity, you can use <a href="http://www.7-zip.org/">7zip</a> to extract it.

Python extension to read EXT2/3 information The extension is currently in alpha phase but will be released soon (eta within 2/3 weeks) = Reading material on forensics = == Papers == * [http://www.sans.org/reading_room/whitepapers/forensics/2011.php Taking advantage of Ext3 journaling ...

This is a tool to perform forensics operations on firefox, opera and konqueror when they are executed on UNIX operating systems.

A graphical digital forensic examination tool, built on top of LibForensics.

Modular multiple choice file system analyzer