Skip to content

@fox-it Fox-IT

Change the repository type filter

All

    Repositories list

    87 repositories

    • dissect.target

      Public
      The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
      Python
      GNU Affero General Public License v3.0
      667115337Updated Aug 7, 2025Aug 7, 2025

    • target-web-demo

      Public
      Browser demo for Dissect
      1001Updated Aug 6, 2025Aug 6, 2025

    • dissect.vmfs

      Public
      Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software.
      Python
      GNU Affero General Public License v3.0
      2431Updated Aug 5, 2025Aug 5, 2025

    • dissect-docs

      Public
      Dissect documentation project
      GNU Affero General Public License v3.0
      7832Updated Aug 1, 2025Aug 1, 2025

    • dissect.cstruct

      Public
      A Dissect module implementing a parser for C-like structures.
      Python
      Apache License 2.0
      2052132Updated Jul 31, 2025Jul 31, 2025

    • dissect.esedb

      Public
      A Dissect module implementing a parser for Microsofts Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.
      Python
      Apache License 2.0
      102110Updated Jul 31, 2025Jul 31, 2025

    • dissect.executable

      Public
      A Dissect module implementing parsers for various executable formats such as PE, ELF and Macho-O.
      Python
      GNU Affero General Public License v3.0
      4243Updated Jul 31, 2025Jul 31, 2025

    • dissect.sql

      Public
      A Dissect module implementing a parsers for the SQLite database file format, commonly used by applications to store configuration data.
      Python
      GNU Affero General Public License v3.0
      6620Updated Jul 31, 2025Jul 31, 2025

    • acquire

      Public
      acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
      Python
      GNU Affero General Public License v3.0
      35107327Updated Jul 30, 2025Jul 30, 2025

    • citrix-netscaler-triage

      Public
      Dissect triage script for Citrix NetScaler devices
      dfirnetscaleriocscitrixwebshellsdissectcve-2023-3519
      Python
      Apache License 2.0
      123500Updated Jul 29, 2025Jul 29, 2025

    • dissect.fve

      Public
      A Dissect module implementing a parsers for full volume encryption implementations, currently Microsoft's Bitlocker Disk Encryption (BDE) and Linux Unified Key Setup (LUKS1 and LUKS2).
      Python
      GNU Affero General Public License v3.0
      2422Updated Jul 22, 2025Jul 22, 2025

    • flow.record

      Public
      Recordization library
      Python
      GNU Affero General Public License v3.0
      13956Updated Jul 18, 2025Jul 18, 2025

    • dissect

      Public
      Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
      dfirdissectpython
      GNU Affero General Public License v3.0
      731k51Updated Jul 17, 2025Jul 17, 2025

    • dissect.util

      Public
      A Dissect module implementing various utility functions for the other Dissect modules.
      Python
      Apache License 2.0
      73127Updated Jul 4, 2025Jul 4, 2025

    • dissect.etl

      Public
      A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events.
      Python
      GNU Affero General Public License v3.0
      3431Updated Jun 30, 2025Jun 30, 2025

    • dissect.squashfs

      Public
      A Dissect module implementing a parser for the SquashFS file system.
      Python
      GNU Affero General Public License v3.0
      2061Updated Jun 26, 2025Jun 26, 2025

    • dissect.btrfs

      Public
      A Dissect module implementing a parser for the btrfs file system.
      Python
      GNU Affero General Public License v3.0
      2121Updated Jun 26, 2025Jun 26, 2025

    • dissect-workflow-templates

      Public
      Workflow templates for the dissect projects
      3200Updated Jun 26, 2025Jun 26, 2025

    • dissect.archive

      Public
      A Dissect module implementing parsers for various archive and backup formats.
      Python
      GNU Affero General Public License v3.0
      4052Updated Jun 24, 2025Jun 24, 2025

    • dissect.cobaltstrike

      Public
      Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
      pythonparserpcappython3beaconpypy3malleable-c2-profilecobaltstrikedissect
      Python
      MIT License
      2417300Updated Jun 23, 2025Jun 23, 2025

    • dissect.extfs

      Public
      A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems.
      Python
      GNU Affero General Public License v3.0
      2150Updated Jun 20, 2025Jun 20, 2025

    • dissect.shellitem

      Public
      A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.
      Python
      GNU Affero General Public License v3.0
      3310Updated Jun 20, 2025Jun 20, 2025

    • dissect.volume

      Public
      A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.
      Python
      GNU Affero General Public License v3.0
      3321Updated Jun 20, 2025Jun 20, 2025

    • pcap-broker

      Public
      PCAP-over-IP server written in Golang
      pcapctfnetwork-analysistcpdumpattack-defense-ctfctf-toolpcap-over-ippeecap
      Go
      Apache License 2.0
      32400Updated Jun 2, 2025Jun 2, 2025

    • dissect-devcontainer-templates

      Public
      Dev Container templates for use in the Dissect projects
      0000Updated May 22, 2025May 22, 2025

    • dissect.regf

      Public
      A Dissect module implementing a parser for Windows registry file format, used to store application and OS configuration on Windows operating systems.
      Python
      GNU Affero General Public License v3.0
      3300Updated May 20, 2025May 20, 2025

    • dissect.ole

      Public
      A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems.
      Python
      GNU Affero General Public License v3.0
      2420Updated May 20, 2025May 20, 2025

    • dissect.hypervisor

      Public
      A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.
      Python
      GNU Affero General Public License v3.0
      7681Updated May 20, 2025May 20, 2025

    • dissect.contrib

      Public
      This project is a meta package. It reserves the namespace for Dissect packages made by external contributors.
      Python
      GNU Affero General Public License v3.0
      2000Updated May 20, 2025May 20, 2025

    • dissect.cim

      Public
      A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system.
      Python
      GNU Affero General Public License v3.0
      5520Updated May 20, 2025May 20, 2025