A script to parse several forensic artifacts from given Windows (triage) images, using dissect.

dfir-dd/kirby

kirby

A cute script to parse several forensic artifacts from given Windows (triage) images, using dissect.

Usage

usage: kirby [-h] -o OUTPUT [--overwrite] TARGETS [TARGETS ...]

parse forensic artifacts from windows images, using dissect

positional arguments:
  TARGETS               Path to single target or directory with multiple targets to parse

options:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        Specify the output directory
  --overwrite           overwrite destination directory

Output

  • hostinfo.csv - host information for all parsed targets
  • Directory (named after the hostname of the image) including:
    • hostinfo_<hostname>.csv - hostname, domain, Windows version, install date, language, timezone, IP addresses and users
    • other output from the various dissect plugins
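
When many triage images are parsed in one run, it helps to confirm that every target actually produced the layout listed above before analysis starts. The following check is an added example, not part of kirby: the function names, the sample hostnames, the sample file evtx.csv and the sample CSV columns are constructed, and it assumes the directory name and the <hostname> part of the file name are the same string and that each CSV has a header line.

```python
import csv
from pathlib import Path


def check_kirby_output(output_dir):
    """Return a list of problems found in a kirby output directory.

    Relies only on the layout described above: a top-level hostinfo.csv and
    one directory per hostname containing hostinfo_<hostname>.csv.
    """
    out = Path(output_dir)
    problems = []

    def has_data_row(path):
        # Assumption: a header line followed by at least one data row.
        with path.open(newline="", encoding="utf-8", errors="replace") as fh:
            rows = [r for r in csv.reader(fh) if any(c.strip() for c in r)]
        return len(rows) >= 2

    summary = out / "hostinfo.csv"
    if not summary.is_file():
        problems.append("missing hostinfo.csv")
    elif not has_data_row(summary):
        problems.append("hostinfo.csv has no data rows")

    host_dirs = sorted(p for p in out.iterdir() if p.is_dir())
    if not host_dirs:
        problems.append("no per-host directories")
    for host_dir in host_dirs:
        per_host = host_dir / f"hostinfo_{host_dir.name}.csv"
        if not per_host.is_file():
            problems.append(f"{host_dir.name}: missing {per_host.name}")
        elif not has_data_row(per_host):
            problems.append(f"{host_dir.name}: {per_host.name} has no data rows")
        elif len(list(host_dir.iterdir())) == 1:
            # Only hostinfo present: no other plugin wrote output for this host.
            problems.append(f"{host_dir.name}: no other plugin output")
    return problems


def build_sample(root):
    """Constructed sample output tree (hostnames, columns and evtx.csv are made up)."""
    root = Path(root)
    (root / "hostinfo.csv").write_text("hostname,domain\nWS01,corp\nWS02,corp\n")
    (root / "WS01").mkdir()
    (root / "WS01" / "hostinfo_WS01.csv").write_text("hostname,domain\nWS01,corp\n")
    (root / "WS01" / "evtx.csv").write_text("ts,event\n")
    (root / "WS02").mkdir()  # simulates a target whose parsing stopped early
    return root
```

Calling check_kirby_output on the directory passed to -o returns an empty list when every host directory is complete.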
