fact

module

v0.14.9 Latest Latest Go to latest Published: May 29, 2024 License: MIT

Details

Forensic Artifacts Collecting Toolkit.

# fmount image.dd | ffind | flog

Released under the MIT License.

Path	Synopsis
cmd
ffind Find forensic artifacts in mount points or on the live system.	Find forensic artifacts in mount points or on the live system.
flog Log forensic artifacts information in ECS schema.	Log forensic artifacts information in ECS schema.
flog.evtx Log Windows event logs information in ECS schema.	Log Windows event logs information in ECS schema.
fmount Mount forensic disk images for read-only processing.	Mount forensic disk images for read-only processing.
fmount.dd Mount forensic raw or dd disk images for read-only processing.	Mount forensic raw or dd disk images for read-only processing.
internal
fact Fact 3rd party functions.	Fact 3rd party functions.
fact/hash Hash functions.	Hash functions.
fact/zip Zip archive functions.	Zip archive functions.
flog File functions.	File functions.
sys System functions.	System functions.
test Test functions.	Test functions.
pkg
ecs ECS event mapping functions.	ECS event mapping functions.
ffind FFind implementation details.	FFind implementation details.
flog FLog implementation details.	FLog implementation details.
flog/evtx Evtx implementation details.	Evtx implementation details.
fmount FMount implementation details.	FMount implementation details.
fmount/dd DD implementation details.	DD implementation details.
windows Windows system artifact enumeration functions.	Windows system artifact enumeration functions.