fact

module
v0.14.11 Latest

This package is not in the latest version of its module.

Published: May 29, 2024 License: MIT

README

FACT

Forensic Artifacts Collecting Toolkit.

# fmount image.dd | ffind | flog

Tools

License

Released under the MIT License.

Directories

Path         Synopsis
cmd
ffind        Find forensic artifacts in mount points or on the live system.
flog         Log forensic artifacts information in ECS schema.
flog.evtx    Log Windows event logs information in ECS schema.
fmount       Mount forensic disk images for read-only processing.
fmount.dd    Mount forensic raw or dd disk images for read-only processing.
internal
fact         Fact 3rd party functions.
fact/hash    Hash functions.
fact/zip     Zip archive functions.
flog         File functions.
sys          System functions.
test         Test functions.
pkg
ecs          ECS event mapping functions.
ffind        FFind implementation details.
flog         FLog implementation details.
flog/evtx    Evtx implementation details.
fmount       FMount implementation details.
fmount/dd    DD implementation details.
windows      Windows system artifact enumeration functions.
