fact

module

v0.24.1 Latest Latest Go to latest Published: Jun 8, 2024 License: MIT

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cuhsat/fact

Links

Open Source Insights

README ¶

FACT

Forensic Artifacts Collecting Toolkit.

# fmount image.dd | ffind | flog

Tools

License

Released under the MIT License.

Directories ¶

Path	Synopsis
cmd
ffind Find forensic artifacts in mount points or on the live system.	Find forensic artifacts in mount points or on the live system.
flog Log forensic artifacts as JSON in ECS.	Log forensic artifacts as JSON in ECS.
flog.evtx Log Windows event logs as JSON in ECS.	Log Windows event logs as JSON in ECS.
fmount Mount forensic disk images for read-only processing.	Mount forensic disk images for read-only processing.
fmount.dd Mount forensic raw or dd disk images for read-only processing.	Mount forensic raw or dd disk images for read-only processing.
fmount.vmdk Mount forensic VMDK disk images for read-only processing.	Mount forensic VMDK disk images for read-only processing.
internal
fact Fact definitions.	Fact definitions.
fact/ez Fact ez functions.	Fact ez functions.
fact/hash Hash functions.	Hash functions.
fact/zip Zip archive functions.	Zip archive functions.
ffind FFind functions.	FFind functions.
flog File functions.	File functions.
fmount Dislocker functions.	Dislocker functions.
sys System functions.	System functions.
test Test functions.	Test functions.
pkg
ecs ECS event mapping functions.	ECS event mapping functions.
ffind FFind implementation details.	FFind implementation details.
flog FLog implementation details.	FLog implementation details.
flog/evtx Evtx implementation details.	Evtx implementation details.
fmount FMount implementation details.	FMount implementation details.
fmount/dd DD implementation details.	DD implementation details.
fmount/vmdk VMDK implementation details.	VMDK implementation details.
windows Windows system artifact enumeration functions.	Windows system artifact enumeration functions.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL