nannib/Raw2FS nannib/Raw2FS

  • Stars
    star
    7
  • Rank 2,286,325 (Top 46 %)
  • Language
    Shell
  • Created almost 9 years ago
  • Updated almost 9 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
nannib/Raw2FS
github

nannib

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Bash script for computer forensics - It's possible to resolve the file name starting from the carved file name generated by the Foremost tool and save it, it generates an HTML report. It's possible to resolve the file name starting from the offset of a "grep" keywords search. The tool identifies automatically the change of the partition and, if the keyword is contained into the slack space, saves the sector/cluster/block where it is. (remember that for fat -> sector, ntfs -> cluster, ext2/3 -> block) (The SleuthKit based)

More Repositories

1

Imm2Virtual

This is a GUI (for Windows 64 bit) for a procedure to virtualize your EWF(E01), DD (raw), AFF disk image file without converting it, directly with VirtualBox, forensically proof.
Pascal
44
star
2

crypto

# rsa_nb vigenere_nb Python programs for didactic use only just for explaining the basic working and rules of RSA and Vigenere algorithm
Python
9
star
3

NBTEMPOW

NBTempoW V. 2.1 is a forensic tool for making timelines from block devices image files (raw, ewf,physicaldrive, etc.). It uses TSK (The Sleuthkit) and it has been developed with Lazarus V. 1.6.2 ( Delphi compatible cross-platform IDE for Rapid Application Development). It runs only in Windows. If the device image file is splitted, you can select just the first chunk.
Pascal
7
star
4

xall

This is a forensic data and file extractor from devices and image files. sudo ./xall_1.x.x.sh for running it. It mounts a DD/EWF image files or devices (e.g. /dev/sdb); it copies all the allocated files, it extracts all deleted files and the slack space; It makes a data carving on the free space only. You can choose each type of extraction. It uses a GUI made with YAD (Yet Another Dialog), so it's simple and fast to use. You need: Don't use blank spaces in the image filename! YAD XMount The Sleuthkit (latest release) Photorec MD5Deep
Shell
5
star
5

ks

This is a keywords searching tool.
1
star
6

dbdec

DBCrack By Francesco Picasso - April 30, 2017 - Lazarus GUI for Windows by Nanni Bassetti (www.nannibassetti.com). DropBox decryptor
Python
1
star