fact

module
v0.21.2
Published: Jun 4, 2024 License: MIT

README

FACT

Forensic Artifacts Collecting Toolkit.

# fmount image.dd | ffind | flog

Tools

License

Released under the MIT License.

Directories

Path Synopsis
cmd
ffind
Find forensic artifacts in mount points or on the live system.
fkey
Shows all BitLocker Recovery Key IDs of an image.
flog
Log forensic artifacts as JSON in ECS.
flog.evtx
Log Windows event logs as JSON in ECS.
fmount
Mount forensic disk images for read-only processing.
fmount.dd
Mount forensic raw or dd disk images for read-only processing.
internal
fact
Fact definitions.
fact/ez
Fact ez functions.
fact/hash
Hash functions.
fact/zip
Zip archive functions.
ffind
Volume Shadow Copy functions (Error stub).
flog
File functions.
fmount
Dislocker functions.
sys
System functions.
test
Test functions.
pkg
ecs
ECS event mapping functions.
ffind
FFind implementation details.
fkey
FKey implementation details.
flog
FLog implementation details.
flog/evtx
Evtx implementation details.
fmount
FMount implementation details.
fmount/dd
DD implementation details.
windows
Windows system artifact enumeration functions.
