    Repositories list

    • A Dissect module implementing parsers for various archive and backup formats.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 26, 2025
    • Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
      Python
      MIT License
      Updated Mar 25, 2025
    • The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
      Python
      GNU Affero General Public License v3.0
      Updated Mar 25, 2025
    • A Dissect module implementing various utility functions for the other Dissect modules.
      Python
      Apache License 2.0
      Updated Mar 24, 2025
    • A Dissect module implementing a parser for C-like structures.
      Python
      Apache License 2.0
      Updated Mar 24, 2025
    • A Dissect module implementing a parser for the JFFS2 file system, commonly used by router operating systems.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 14, 2025
    • acquire
      acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 11, 2025
    • Dissect documentation project
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • dissect
      Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for the XFS file system, commonly used by Red Hat Linux distributions.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for the Windows thumbcache.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for the SQLite database file format, commonly used by applications to store configuration data.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for the SquashFS file system.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for the Windows registry file format, used to store application and OS configuration on Windows operating systems.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing parsers for full volume encryption implementations, currently Microsoft's Bitlocker Disk Encryption (BDE) and Linux Unified Key Setup (LUKS1 and LUKS2).
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing parsers for various executable formats such as PE, ELF and Mach-O.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing parsers for various forensic evidence file containers, currently: AD1, ASDF and EWF.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for Microsoft's Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.
      Python
      Apache License 2.0
      Updated Mar 10, 2025
    • A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows.
      Python
      GNU Affero General Public License v3.0
      Updated Mar 10, 2025