Registry Explorer is a new approach to interacting with Registry hives. It has several unique capabilities not found in other programs.
Geolocate IP addresses in IIS ...
SDB Explorer is a GUI program that allows for interacting with Microsoft Shim databases.
WxTCmd is a parser for the new Windows 10 Timeline feature database.
Kroll Artifact Parser and Extractor (KAPE) is primarily a triage program that will target a device or storage location, find the most forensically relevant artifacts (based on your needs), and parse them within a few minutes. Because of its speed, KAPE ...
A simple way to mount Volume Shadow Copies from the command line without having to do much of anything except provide the drive letter to where the VSCs are and where you want the VSCs to be mounted to. The first requirement is having a sour ...
View CSV and Excel files, filter, group, sort, etc. with ease
Lnk file parser
© 2019 Copyright | DFIR Training