    Repositories list

    • The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
      Python
      GNU Affero General Public License v3.0
      535011327 Updated Jan 20, 2025
    • A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events.
      Python
      GNU Affero General Public License v3.0
      2241 Updated Jan 20, 2025
    • acquire
      acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
      Python
      GNU Affero General Public License v3.0
      2893304 Updated Jan 20, 2025
    • A Dissect module implementing various utility functions for the other Dissect modules.
      Python
      Apache License 2.0
      7367 Updated Jan 20, 2025
    • A Dissect module implementing a parser for the btrfs file system.
      Python
      GNU Affero General Public License v3.0
      1120 Updated Jan 20, 2025
    • A Dissect module implementing a parser for Microsoft's Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.
      Python
      Apache License 2.0
      71831 Updated Jan 20, 2025
    • A Dissect module implementing a parser for C-like structures.
      Python
      Apache License 2.0
      174363 Updated Jan 20, 2025
    • A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows.
      Python
      GNU Affero General Public License v3.0
      3500 Updated Jan 20, 2025
    • A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system.
      Python
      GNU Affero General Public License v3.0
      4500 Updated Jan 20, 2025
    • A Dissect module implementing parsers for various archive and backup formats.
      Python
      GNU Affero General Public License v3.0
      2010 Updated Jan 17, 2025
    • A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions.
      Python
      GNU Affero General Public License v3.0
      4210 Updated Jan 16, 2025
    • Recordization library
      Python
      GNU Affero General Public License v3.0
      11752 Updated Jan 13, 2025
    • PCAP-over-IP server written in Golang
      Go
      Apache License 2.0
      21700 Updated Dec 30, 2024
    • Workflow templates for the Dissect projects
      2211 Updated Dec 25, 2024
    • dissect
      Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
      GNU Affero General Public License v3.0
      6994531 Updated Dec 10, 2024
    • Dissect documentation project
      GNU Affero General Public License v3.0
      8701 Updated Dec 5, 2024
    • A Splunk plugin that provides sourcetyping for ingestion and processing of Dissect records
      GNU Affero General Public License v3.0
      1200 Updated Dec 4, 2024
    • A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.
      Python
      GNU Affero General Public License v3.0
      6500 Updated Nov 28, 2024
    • A Dissect module implementing a parser for the JFFS2 file system, commonly used by router operating systems.
      Python
      GNU Affero General Public License v3.0
      2010 Updated Nov 25, 2024
    • A Dissect module implementing a parser for the XFS file system, commonly used by Red Hat Linux distributions.
      Python
      GNU Affero General Public License v3.0
      6220 Updated Nov 18, 2024
    • A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.
      Python
      GNU Affero General Public License v3.0
      2511 Updated Nov 18, 2024
    • Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software.
      Python
      GNU Affero General Public License v3.0
      2380 Updated Nov 18, 2024
    • A Dissect module implementing a parser for the SquashFS file system.
      Python
      GNU Affero General Public License v3.0
      1010 Updated Nov 18, 2024
    • A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system.
      Python
      GNU Affero General Public License v3.0
      5810 Updated Nov 18, 2024
    • A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems.
      Python
      GNU Affero General Public License v3.0
      2200 Updated Nov 18, 2024
    • A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems.
      Python
      GNU Affero General Public License v3.0
      2100 Updated Nov 18, 2024
    • A Dissect module implementing parsers for full volume encryption implementations, currently Microsoft's BitLocker Disk Encryption (BDE) and Linux Unified Key Setup (LUKS1 and LUKS2).
      Python
      GNU Affero General Public License v3.0
      2300 Updated Nov 11, 2024
    • Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
      Python
      MIT License
      2415710 Updated Oct 15, 2024
    • A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.
      Python
      GNU Affero General Public License v3.0
      3200 Updated Sep 10, 2024
    • A modern Python application packaging and distribution tool
      Rust
      Mozilla Public License 2.0
      242000 Updated Jul 26, 2024