The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digi…

C++ 2,981 673 Updated Jan 24, 2026

log2timeline / plaso

Super timeline all the things

Python 2,011 405 Updated Feb 9, 2026

mypyc / mypyc

Compile type annotated Python to fast C extensions

1,914 47 Updated Apr 17, 2023

obsidianforensics / hindsight

Browser forensics tool for Google Chrome (and other Chromium-based browsers)

Python 1,380 175 Updated Feb 3, 2026

fox-it / dissect

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (pa…

1,072 80 Updated Nov 25, 2025

construct / construct

Forked from MostAwesomeDude/construct

Construct: Declarative data structures for python that allow symmetric parsing and building

Python 996 165 Updated Apr 22, 2025

obsidianforensics / unfurl

Extract and Visualize Data from URLs using Unfurl

Python 712 65 Updated Jan 29, 2026

AndrewRathbun / DFIRArtifactMuseum

The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifa…

HTML 645 50 Updated Nov 7, 2025

thewhiteninja / ntfstool

Forensics tool for NTFS (parser, mft, bitlocker, deleted files)

C++ 592 112 Updated Jul 23, 2023

libyal / libewf

Libewf is a library to access the Expert Witness Compression Format (EWF)

C 298 82 Updated Dec 20, 2025

Beercow / OneDriveExplorer

OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat and <UserCid>.dat.previous file.

Python 228 25 Updated Jan 6, 2026

libyal / libfsntfs

Library and tools to access the Windows New Technology File System (NTFS)

C 226 57 Updated Feb 8, 2026

Digital-Forensics-Discord-Server / TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExperts

The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportunity to write a chapter of a book to get their name out ther…

Ruby 218 23 Updated Dec 30, 2025

msuhanov / dfir_ntfs

An NTFS/FAT parser for digital forensics & incident response

Python 217 33 Updated Oct 31, 2025

msuhanov / yarp

Yet another registry parser

Python 138 15 Updated Apr 15, 2022

harelsegev / prefetch-hash-cracker

A small util to brute-force prefetch hashes

Rust 77 12 Updated Jun 24, 2022

harelsegev / INDXRipper

Carve file metadata from NTFS index ($I30) attributes

Python 70 5 Updated Feb 3, 2024

alpine-sec / SPECTR3

Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.

C# 44 5 Updated Oct 25, 2024

zff-team / zff-rs

Library to handle the files in zff format (file format to store and handle forensic acquisitions).

Rust 21 1 Updated Feb 9, 2026

randomaccess3 / block-parser

Forked from AlexSchrichte/block-parser

Parser for Windows PowerShell script block logs

Python 15 4 Updated Nov 4, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Harel Segev harelsegev

Achievements

Achievements

Block or report harelsegev

Starred repositories

valinet / ExplorerPatcher

emilk / egui

bee-san / Ciphey

adityatelange / hugo-PaperMod

ufrisk / MemProcFS

volatilityfoundation / volatility3

mandiant / flare-floss

WithSecureLabs / chainsaw

sleuthkit / sleuthkit