Prototypes

• Below are various tools that cover a wide range of Windows digital computer forensic analysis.
  Warning: please read the Disclaimer prior to downloading or running these tools.
  
  

  Artifact Analysis

  • Windows Prefetch Parser - pf
  • Windows 'index.dat' Parser - id
  • Windows LNK Parsing Utility - lp
  • Windows USB Storage Parser - usp
  • Windows Jump List Parser - jmp

  Registry and Event Log Analysis

  • Yet Another Registry Utility - yaru
  • Windows Event Log Viewer - evtx_view
  • Windows ShellBag Parser - sbag
  • Computer Account Forensic Artifact Extractor - cafae
  • Windows Event Log Parser - evtwalk

  NTFS Filesystem Analysis

  • Windows Journal Parser - jp
  • NTFS Directory Enumerator - ntfsdir
  • NTFS File Copy Utility - ntfscopy
  • Windows $MFT and NTFS Metadata Extractor Tool - ntfswalk
  • Windows INDX Slack Parser - wisp

  Network Support Utilities

  • DNS Query Utility - dqu
  • Packet Capture ICMP Carver - pic
  • Network Xfer Client/Server Utility - nx

  Portable Executable Utilities

  • Windows Portable Executable Viewer - pe_view
  • Portable Executable Scanner - pescan

  Miscellaneous Tools

  • Windows Symbol Fetch Utility - sf

  ---