+
Skip to content
/ fact Public

A shell pipeline for extracting forensic artifacts from disk images in ECS format.

License

MIT license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cuhsat/fact

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

112 Commits
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 

Repository files navigation

Forensic Artifacts Collecting Toolkit

A shell pipeline for extracting forensic artifacts from disk images in ECS format. Important artifacts will be processed and provided for ingestion with Logstash.

# fmount disk.raw | ffind | flog -D logstash

fmount

Mount various disk images for forensic read-only processing.

ffind

Find forensic artifacts in mount points or the live system.

flog

Log forensic artifacts as JSON in ECS format.

License

All released under the MIT License.

About

A shell pipeline for extracting forensic artifacts from disk images in ECS format.

Topics

go pipeline fact forensic flog forensic-tools forensics-tools fmount ffind

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载