A Dissect module implementing a parser for Microsofts Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.

A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (pa…

A Dissect module implementing a parser for C-like structures.

A Dissect module implementing a parser for the XFS file system, commonly used by RedHat Linux distributions.

The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collecti…

Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles

A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows.

A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events.

A Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats.

A Dissect module implementing a parsers for various forensic evidence file containers, currently: AD1, ASDF and EWF.

A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems.

A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions.

A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems.

A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system.

A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.

A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system.

A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems.

A Dissect module implementing a parser for Windows registry file format, used to store application and OS configuration on Windows operating systems.

A Dissect module implementing a parsers for the SQLite database file format, commonly used by applications to store configuration data.

Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software.

A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.

A Dissect module implementing various utility functions for the other Dissect modules.