GitHub - aarsakian/PythonForensics: Python in the forensics world

##vcardParser

Parses Vcard format files and exports to a xlsx and html file as well. Requires xlsxwriter, vobject, jinja2

##HashMatcher

This script searches recursively a tree of files and creates a list of their ed2k hashes. Then, it compares the list with the ed2k hashes of records of eMule Known.met. Known.met must be transformed to xls file, this can be carried out by MetViewer or Internet Evidence Finder. If xls is exported by IEF, please remove first column.

##KeywordSearcher

Use your Encase keyword file to search for matches in the filenames of known.MET records. The first matched keyword is displayed. Known.met must be transformed to xls file, this can be carried out by MetViewer, or Internet Evidence Finder. Your keyword file must be saved in UTF8 encoding. This script tries its best to remove punctutatio characters, brackets etc.

##extractDB

Run this script to extract tables from an Microsoft SQL database. Usage python extractDB.py "WINDOWS SERVER NAME" "Database Name". External dependencies are xlsxwriter and pyodbc. There are additional arguments such as enabling threads.

Name		Name	Last commit message	Last commit date
Latest commit History 93 Commits
DahuaFS		DahuaFS
EverFocusFS		EverFocusFS
FDBextractor		FDBextractor
ucrt/DLLs		ucrt/DLLs
DNSReverser.py		DNSReverser.py
EmailReader.py		EmailReader.py
HashMatcher.py		HashMatcher.py
KeywordSearcher.py		KeywordSearcher.py
MSGreaderRLookup.py		MSGreaderRLookup.py
README.md		README.md
analyzeDoveCot.py		analyzeDoveCot.py
analyzeRoundCube.py		analyzeRoundCube.py
extractDB.py		extractDB.py
extractDB.spec		extractDB.spec
mdbExporter.py		mdbExporter.py
requirements.txt		requirements.txt
vcardParser.py		vcardParser.py

aarsakian/PythonForensics

Folders and files

Latest commit

History

Repository files navigation

About

Resources

Stars

Watchers

Forks

Languages