The purpose of PowerForensics is to provide an all inclusive framework for hard drive forensic analysis.
PowerForensics currently supports NTFS and FAT file systems, and work has begun on Extended File System and HFS+ support.
All PowerForensics documentation has been moved to Read The Docs.
Detailed instructions for installing PowerForensics can be found here.
PowerForensics is built on a C# Class Library (Assembly) that provides a public API for forensic tasks.
The public API provides a modular framework for adding to the capabilities exposed by the PowerForensics module.
All of this module’s cmdlets are built on this public API and tasks can easily be expanded upon to create new cmdlets.
API documentation can be found here.
Adversaries may use binary padding to add junk data and change the on-disk representation of…
At the moment the default configuration when the run_server butler command uses docker containers to run the…
This new, advanced ROP framework made it debute at at DEF CON 31 with some…
ANDROPHSY is an opensource forensic tool for Android smartphones that helps digital forensic investigator throughout…
This package has been deprecated, and is not being maintained by MSFT anymore. This library…
This is open-source, but I also offer a SaaS solution that has check-if-email-exists packaged in a nice friendly web…