#forensics

  1. fse_dump

    Dumps the fseventsd entries from a mac

    v3.1.3 #forensics #fseventsd #mac #security
  2. yara-x

    A pure Rust implementation of YARA

    v1.14.0 125K #yara #malware #forensics #pattern-matching
  3. ntdsextract2

    Display contents of Active Directory database files (ntds.dit)

    v1.4.31 3.2K #active-directory #forensics #security #cli
  4. malwaredb

    Service for storing malicious, benign, or unknown files and related metadata and relationships

    v0.3.3 #malware #malware-research #forensics #security
  5. mquire

    Memory forensics and analysis tool for querying Linux kernel memory dumps using SQL

    v1.2.5 #sql #linux-kernel #forensics #linux
  6. innodb-utils

    InnoDB file analysis toolkit

    v5.1.0 #mysql #forensics #ibd #innodb #database
  7. forensic-rs

    A Rust-based framework to build tools that analyze forensic artifacts and can be reused as libraries across multiple projects without changing anything

    v0.13.1 190 #windows-registry #security #forensics #parser #windows
  8. macos-unifiedlogs

    help parse macOS UnifiedLogs

    v0.5.1 1.5K #log-parser #forensics #macos #unifiedlog
  9. memprocfs

    Physical Memory Analysis Framework

    v5.17.0 #physical-memory #dma #pcileech #forensics
  10. dionysos

    Scanner for various IoCs

    v1.2.7 3.3K #ioc #forensics #security #cli
  11. zff

    interact with zff, a file format for forensic images

    v3.0.0-rc.5 #forensics #security #forensics-format
  12. palisade-errors

    Security-conscious error handling with operational security principles

    v1.0.1 #forensics #zeroize #opsec #security
  13. nt_hive2

    forensic parser library for Windows registry hive files

    v4.2.4 170 #windows-registry #hive #parser #github #cell #forensics #fs-file
  14. usnjrnl-forensic

    NTFS USN Journal parser with full path reconstruction via journal rewind

    v0.6.0 #mft #record #journal #log-file #ntfs #usn #forensics #rewind #disk-image #csv
  15. ewf

    Pure Rust reader for Expert Witness Format (E01/EWF) forensic disk images

    v0.2.0 #disk-image #e01 #forensics #encase
  16. zffacquire

    A command line utility for acquiring data into the forensic format Zff

    v2.0.0-rc.3 #forensics #security #forensics-format #file-format
  17. lumination

    A very basic library to display network connections

    v0.1.3 1.4K #local-ip #tcp #forensics
  18. emdumper

    acquire the physical memory on linux systems (root is necessary)

    v0.7.1 #physical-memory #forensics #security
  19. archivum

    Deterministic, split, checksummed, compressed archive system with faithful restore

    v0.2.0 #backup-restore #tar-archive #backup #restore #forensics
  20. frnsc-prefetch

    Pure rust windows prefetch parser implementation

    v0.13.3 #prefetch #windows-registry #forensics #windows
  21. frnsc-hive

    Implements RegistryReader from forensic-rs to access the windows registry from Hive files

    v0.13.4 410 #windows-registry #parser #security #forensics #windows
  22. telfhash-rs

    Rust 2024 implementation of Trend Micro telfhash for ELF similarity hashing

    v0.1.0 #elf #malware #similarity #forensics #tlsh
  23. precursor

    Pre-protocol payload tagging, similarity clustering, and packet/firmware triage CLI

    v0.2.3 #firmware #packet #forensics #ids #similarity
  24. zffmount

    A command line utility to mount a zff container using FUSE

    v2.0.0-rc.2 #file-format #forensics #security
  25. aicheck

    Detect AI-generated content via provenance signals (C2PA, XMP/IPTC, EXIF)

    v0.2.0 #c2pa #forensics #ai-detection #watermark
  26. chat4n6

    CLI for chat4n6: extract WhatsApp forensic artifacts from Android filesystem images

    v0.1.1 #android #forensics #whatsapp #cli
  27. oxiddd

    High-performance forensic disk imaging tool with verified NTP timestamping and binding hashes

    v0.2.0 #forensics #disk-image #dd #dfir #security
  28. sunlight

    A very simple Protobuf binary parser

    v0.1.5 1.7K #protobuf #protobuf-parser #binary-parser #forensics
  29. blazehash

    Forensic file hasher — hashdeep for the modern era, BLAKE3 by default

    v0.2.0 #blake3 #hashdeep #dfir #forensics #hash
  30. calf

    A very basic library to read QCOW files

    v0.2.0 1.4K #forensics #disk-image #qcow
  31. notatin

    parsing offline Windows Registry files

    v1.0.1 2.7K #windows-registry #parser #forensics
  32. ext4-fs

    A very basic library to read the ext4 filesystem

    v0.1.4 1.4K #ext4 #forensics
  33. wxtla

    Wired eXploring Target Layer Accessor

    v0.2.0 #driver #partition-table #read-only #layer #wired #forensics
  34. oximedia-forensics

    Video and image forensics and tampering detection for OxiMedia

    v0.1.2 #jpeg #detect #forensics #metadata-analysis #exif #camera-model #computer-vision #shadow #blocking #image-compression
  35. boundary-report

    Report generators for boundary analysis results

    v0.27.0 #analysis #tree-sitter #violation #boundary #layer #graphviz #domain-driven-design #forensics #json-output #markdown
  36. certlogview

    Analyse contents of the Microsoft AD CS Log file

    v0.1.2 #forensics #cli #security
  37. malwaredb-client

    Client application and library for connecting to MalwareDB

    v0.3.3 #malware #malware-research #security #forensics
  38. emd-ebpf

    contains the eBPF binary for emd

    v1.0.7 500 #forensics #ebpf #security
  39. malwaredb-types

    Data types and parsers for MalwareDB

    v0.3.3 #malware #malware-research #security #forensics
  40. regf

    parsing, manipulating, and writing Windows Registry hive files (regf format)

    v0.1.0 #windows-registry #hive #forensics #windows
  41. threatflux-string-analysis

    Advanced string analysis and categorization library for security applications

    v0.1.1 #malware #string-analysis #security-analysis #forensics #threat-detection
  42. lemmeknow

    Identify any mysterious text or analyze strings from a file

    v0.8.0 290 #identifying #security #cryptography #forensics
  43. malwaredb-server

    Server data storage logic for MalwareDB

    v0.3.3 #malware #malware-research #security #forensics
  44. evtxtools

    tools for the analysis of evtx files

    v1.12.1 #evtx #analysis #file #timestamp #find #power-shell #exe #system32 #forensics
  45. malwaredb-client-py

    Python client for MalwareDB

    v0.3.3 #malware #python #malware-research #security #forensics
  46. dma-rs

    hardware DMA interaction on Windows

    v1.0.0 #hardware #forensics #pcie
  47. malwaredb-api

    Common API endpoints and data types for MalwareDB components

    v0.3.3 #malware #malware-research #security #forensics #api-bindings
  48. carbon14

    file-system forensics

    v0.3.0 380 #sha-1 #filesystem #adler32 #checksum #sha-2 #forensics #keccak256 #ripemd160 #crc16 #sha-3
  49. rustkernel-behavioral

    RustKernels Behavioral domain kernels

    v0.4.0 #kernel #profiling #events #forensics #behavioral #pattern-matching #gpu-accelerated #fraud #deviation #anomaly-detection
  50. emd-common

    Various common stuff, necessary for emd

    v0.5.0 290 #memory-dump #forensics #security
  51. nullsec-spoof

    High-performance metadata spoofing toolkit for anti-forensics - Randomize timestamps, MAC addresses, EXIF data, and file attributes

    v1.0.0 #spoofing #metadata #privacy #security #forensics
  52. frnsc-liveregistry-rs

    Implements RegistryReader from forensic-rs using the Windows API to access the registry of a live system

    v0.13.0 650 #windows-registry #forensics #windows #parser
  53. bitgrep

    Binary grep for numerical data types

    v0.1.5 #grep #dfir #security #forensics
  54. vex-verify

    Lightweight cryptographic verification engine for the VEX protocol

    v0.1.4 #vex #verification #forensics #wasm #cryptography
  55. jumplist_parser

    parse Windows Jumplist files (automaticDestinations-ms and customDestinations-ms)

    v0.1.0 #jump-list #forensics #windows #dfir #artifact #jumplist
  56. notepad_parser

    Notepad TabState file parser

    v0.1.0 #notepad #dfir #windows #forensics #artifact
  57. chat4n6-report

    HTML report generator for chat4n6 forensic extraction results

    v0.1.1 #forensics #html #whatsapp #report
  58. chat4n6-sqlite-forensics

    Zero-copy SQLite forensics library: B-tree walker, WAL parser, and FTS recovery

    v0.1.1 #sqlite #forensics #android #recovery
  59. libprefetch

    Forensic library; parser and reader for Microsoft Prefetch File

    v0.1.1 #prefetch #forensics #library #parser
  60. archlinux-userland-fs-cmp

    Forensic tool to read all installed packages from a mounted Arch Linux drive and compare the filesystem to a trusted source

    v0.1.0 #arch-linux-package #compare #mounted #hash #forensics #thread-pool #userland #mtree #exclude #flagged
  61. chat4n6-plugin-api

    Shared plugin API types for the chat4n6 forensic toolkit

    v0.1.1 #forensics #android #plugin #whatsapp
  62. boundary-core

    Core types, graph structures, and metrics for boundary

    v0.27.0 #analysis #tree-sitter #violation #detect #metrics #domain-driven-design #json-output #pattern-detection #forensics #graph-structures
  63. frnsc-amcache

    Pure rust AmCache parser

    v0.13.0 #forensics #windows-registry #amcache #windows
  64. prefetchkit

    A powerful forensic commandline tool for analysing Microsoft Prefetch Files

    v1.0.2 #command-line-tool #prefetch #forensics #command-line
  65. zffanalyze

    A command line utility to analyze zff files

    v1.0.0 #file-format #forensics #security
  66. dmalibrary

    Library that makes it easy to work with DMA cards for memory forensics and video game hacking

    v0.0.2 #dma #forensics #memprocfs #pcileech
  67. chat4n6-whatsapp

    WhatsApp forensic plugin: chat extraction, decryption, and call log recovery

    v0.1.1 #forensics #whatsapp #android #decryption
  69. lime-rs

    Parser for LiME file format based on binrw

    v0.1.0 #linux #forensics
  70. sams-blackbox

    High-performance forensic logger for signed semantic atoms. Provides immutable audit trails for long-term archival and mandatory cybersecurity compliance.

    v0.2.1 #audit #forensics #legal-evidence #immutable-log #storage
  71. reg-analyzer-rs

    Forensic library to analyze Registry artifacts using forensic-rs framework

    v0.1.0 #forensics #windows #parser
  72. velociraptor_api

    API client for Velociraptor (https://github.com/Velocidex/velociraptor)

    v0.1.0 #command-line #forensics #api
  73. chat4n6-core

    DAR archive parser and filesystem abstraction for chat4n6

    v0.1.1 #forensics #android #dar #filesystem
  74. thumbsdbkit

    forensic command line tool for analyzing and extracting thumbnails from Microsoft Thumbs.db files

    v1.0.1 #thumbnail #forensics #thumbsdb #parser #command-line
  75. emd-ebpf-impl

    The internal eBPF implementation (for use by emd-ebpf). This implementation is intended to use only with bpfel-unknown-none target

    v1.1.1 290 #forensics #ebpf #security
  76. zffmetareader

    A command line utility to read the metadata of a zff image

    v0.10.1 #forensics #file-format #security
  77. frnsc-sqlite

    Sqlite implementation of SqlDb trait of ForensicRS

    v0.1.0 #forensics #windows #sql #parser
  78. pol_export

    Exporter for Windows Registry Policy Files

    v0.2.1 #windows-registry #exporter #policy #forensics #file #digital-forensics
  79. dfirtk-sessionevent-derive

    CLI tools for digital forensics and incident response

    v0.1.0 #incident-response #forensics #digital-forensics #cli