Popular repositories
- usnjrnl-forensic Public
The most comprehensive NTFS USN Journal parser: full path reconstruction (CyberCX Rewind), TriForce correlation (MFT + LogFile + UsnJrnl), ghost record recovery, anti-forensics detection, timestomp…
Rust 26
Repositories
- disk-forensic Public
Forensic disk-image orchestrator — decodes E01/VMDK/VHDX/VHD/QCOW2/DMG containers, auto-detects MBR/GPT/APM, and routes ISO 9660 to filesystem analysis
- winevt-forensic Public
EVTX forensic library suite — carve records from corrupt files, detect tampering indicators, analyze ETW sessions. No runtime deps.
- gpt-partition-forensic Public
GUID Partition Table (GPT) analyzer for Rust — parses the table and grades it: CRC32 integrity, primary/backup divergence, partition overlaps, and protective/hybrid-MBR anomalies as severity-ranked findings
- mbr-partition-forensic Public
Forensic MBR analyzer: graded anomaly findings (structural, gap/slack carving, wipe & bootkit detection, CHS/LBA & GPT/VBR cross-checks) on a pure read-only MBR parser — Rust crates mbr-partition-forensic + mbr-partition-core
- vhdx-forensic Public
Pure-Rust VHDX (Hyper-V) virtual-disk reader and forensic integrity analyzer: a hardened Read+Seek container reader (vhdx-core) plus a 63-code tamper/anomaly auditor with in-memory repair (vhdx-forensic) for DFIR.
- apm-partition-forensic Public
Read-only Apple Partition Map (APM) reader + forensic anomaly auditor — overlaps, out-of-bounds, residual entries, hidden gaps as graded findings. Pure Rust, no unsafe.
- dar-forensic Public
Pure-Rust forensic reader + anomaly auditor for Denis Corbin DAR (Disk ARchiver) archives, incl. Passware Kit Mobile / Cellebrite mobile extractions; formats 1-11, transparent gzip/bzip2/xz/zstd/lz4/lzo, multi-volume, hardened and fuzz-tested. dar-core reader + dar-forensic analyzer.
- vmdk-forensic Public
Pure-Rust VMware VMDK toolkit: vmdk-core reader (imported as vmdk; recovers damaged disks via the redundant grain directory) + vmdk-forensic analyzer (RGD adjudication, dangling-pointer & provenance findings)
- ntfs-forensic Public
From-scratch NTFS reader (ntfs-core: MFT, attributes, indexes, data runs, LZNT1, $UsnJrnl:$J change journal over Read+Seek) plus a graded anomaly auditor (ntfs-forensic: timestomping, alternate data streams, deleted records, MFT/LogFile tamper checks) — panic-free, fuzzed, no unsafe
- ewf-forensic Public
Forensic integrity analysis and repair for EWF (Expert Witness Format / E01) images