没有任何数据可供显示
开源项目社区 | 当前位置 : |
|
www.trustie.net/open_source_projects | 主页 > 开源项目社区 > Virtual Forensic Artifact Extractor |
Virtual Forensic Artifact Extractor
|
1 | 0 | 10 |
贡献者 | 讨论 | 代码提交 |
VFAE is windows based tool written in C++ that extracts files with a known location from VMDK images running the Windows operating system. The tool utilizes the VDDK (Virtual Disk Development Kit) API for the heavy lifting such as mounting, opening, and reading the VMDK selected. When vfae.exe is executed, it copies out files from an off-line VMDK file. The application allows the user to conduct a quick triage of the Windows directory structure by outputing the results to a specific output file (vfae_output_.txt. Additionally, it conducts a MD5 hash value of the VMDK itself if needed. For specific file searching purposes, it searches for any filetype within the off-line VMDK based on a passed in argument via the command-line. Furthermore, you can extract those file that were fou