Skip to content

@fox-it Fox-IT

Change the repository type filter

All

    Repositories list

    87 repositories

    • flow.record

      Public
      Recordization library
      Python
      GNU Affero General Public License v3.0
      13968Updated Aug 20, 2025Aug 20, 2025

    • acquire

      Public
      acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
      Python
      GNU Affero General Public License v3.0
      35109309Updated Aug 20, 2025Aug 20, 2025

    • dissect.target

      Public
      The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
      Python
      GNU Affero General Public License v3.0
      677115231Updated Aug 19, 2025Aug 19, 2025

    • dissect.vmfs

      Public
      Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software.
      Python
      GNU Affero General Public License v3.0
      2420Updated Aug 19, 2025Aug 19, 2025

    • dissect.hypervisor

      Public
      A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.
      Python
      GNU Affero General Public License v3.0
      7670Updated Aug 18, 2025Aug 18, 2025

    • citrix-netscaler-triage

      Public
      Dissect triage script for Citrix NetScaler devices
      dfirnetscaleriocscitrixwebshellsdissectcve-2023-3519
      Python
      Apache License 2.0
      123500Updated Aug 16, 2025Aug 16, 2025

    • dissect.etl

      Public
      A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events.
      Python
      GNU Affero General Public License v3.0
      3430Updated Aug 15, 2025Aug 15, 2025

    • target-web-demo

      Public
      Browser demo for Dissect
      1001Updated Aug 14, 2025Aug 14, 2025

    • dissect.util

      Public
      A Dissect module implementing various utility functions for the other Dissect modules.
      Python
      Apache License 2.0
      73137Updated Aug 13, 2025Aug 13, 2025

    • dissect-docs

      Public
      Dissect documentation project
      GNU Affero General Public License v3.0
      7832Updated Aug 1, 2025Aug 1, 2025

    • dissect.cstruct

      Public
      A Dissect module implementing a parser for C-like structures.
      Python
      Apache License 2.0
      2053132Updated Jul 31, 2025Jul 31, 2025

    • dissect.esedb

      Public
      A Dissect module implementing a parser for Microsofts Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.
      Python
      Apache License 2.0
      102110Updated Jul 31, 2025Jul 31, 2025

    • dissect.executable

      Public
      A Dissect module implementing parsers for various executable formats such as PE, ELF and Macho-O.
      Python
      GNU Affero General Public License v3.0
      4253Updated Jul 31, 2025Jul 31, 2025

    • dissect.sql

      Public
      A Dissect module implementing a parsers for the SQLite database file format, commonly used by applications to store configuration data.
      Python
      GNU Affero General Public License v3.0
      6620Updated Jul 31, 2025Jul 31, 2025

    • dissect.fve

      Public
      A Dissect module implementing a parsers for full volume encryption implementations, currently Microsoft's Bitlocker Disk Encryption (BDE) and Linux Unified Key Setup (LUKS1 and LUKS2).
      Python
      GNU Affero General Public License v3.0
      2422Updated Jul 22, 2025Jul 22, 2025

    • dissect

      Public
      Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
      dfirdissectpython
      GNU Affero General Public License v3.0
      741k51Updated Jul 17, 2025Jul 17, 2025

    • dissect.squashfs

      Public
      A Dissect module implementing a parser for the SquashFS file system.
      Python
      GNU Affero General Public License v3.0
      2071Updated Jun 26, 2025Jun 26, 2025

    • dissect.btrfs

      Public
      A Dissect module implementing a parser for the btrfs file system.
      Python
      GNU Affero General Public License v3.0
      2131Updated Jun 26, 2025Jun 26, 2025

    • dissect-workflow-templates

      Public
      Workflow templates for the dissect projects
      3200Updated Jun 26, 2025Jun 26, 2025

    • dissect.archive

      Public
      A Dissect module implementing parsers for various archive and backup formats.
      Python
      GNU Affero General Public License v3.0
      4052Updated Jun 24, 2025Jun 24, 2025

    • dissect.cobaltstrike

      Public
      Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
      pythonparserpcappython3beaconpypy3malleable-c2-profilecobaltstrikedissect
      Python
      MIT License
      2417400Updated Jun 23, 2025Jun 23, 2025

    • dissect.extfs

      Public
      A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems.
      Python
      GNU Affero General Public License v3.0
      2150Updated Jun 20, 2025Jun 20, 2025

    • dissect.shellitem

      Public
      A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.
      Python
      GNU Affero General Public License v3.0
      3310Updated Jun 20, 2025Jun 20, 2025

    • dissect.volume

      Public
      A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.
      Python
      GNU Affero General Public License v3.0
      3321Updated Jun 20, 2025Jun 20, 2025

    • pcap-broker

      Public
      PCAP-over-IP server written in Golang
      pcapctfnetwork-analysistcpdumpattack-defense-ctfctf-toolpcap-over-ippeecap
      Go
      Apache License 2.0
      32400Updated Jun 2, 2025Jun 2, 2025

    • dissect-devcontainer-templates

      Public
      Dev Container templates for use in the Dissect projects
      0000Updated May 22, 2025May 22, 2025

    • dissect.regf

      Public
      A Dissect module implementing a parser for Windows registry file format, used to store application and OS configuration on Windows operating systems.
      Python
      GNU Affero General Public License v3.0
      3300Updated May 20, 2025May 20, 2025

    • dissect.ole

      Public
      A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems.
      Python
      GNU Affero General Public License v3.0
      2420Updated May 20, 2025May 20, 2025

    • dissect.contrib

      Public
      This project is a meta package. It reserves the namespace for Dissect packages made by external contributors.
      Python
      GNU Affero General Public License v3.0
      2000Updated May 20, 2025May 20, 2025

    • dissect.cim

      Public
      A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system.
      Python
      GNU Affero General Public License v3.0
      5520Updated May 20, 2025May 20, 2025