Forensics & IR

Memory, disk, hunting artifacts, and incident response.

GUI digital forensics platform built on The Sleuth Kit for disk images, timelines, keyword search, and artifact parsing.

Read and write metadata in images, documents, and media — GPS, camera info, author fields, and hidden tags.

File carving tool that recovers files from disk images by header/footer signatures when filesystem metadata is missing.

Steganography and hidden-data extraction for CTF and forensics: images, audio, files, and embedded archives.

CLI forensic toolkit to analyze disk images — partition tables, inode listing, and file carving without GUI.

Endpoint visibility and digital forensic platform with VQL for hunting, collections, and incident response at scale.

Memory forensics framework for extracting processes, credentials, and malware artifacts from RAM dumps.

Pattern matching language to identify malware families, IOCs, and suspicious byte sequences in files and memory.