{"id":13507490,"url":"https://github.com/fox-it/dissect","last_synced_at":"2025-04-08T12:02:07.888Z","repository":{"id":60771748,"uuid":"516286996","full_name":"fox-it/dissect","owner":"fox-it","description":"Dissect is a digital forensics \u0026 incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).","archived":false,"fork":false,"pushed_at":"2024-05-07T14:05:05.000Z","size":56,"stargazers_count":859,"open_issues_count":2,"forks_count":59,"subscribers_count":18,"default_branch":"main","last_synced_at":"2024-05-07T14:16:31.181Z","etag":null,"topics":["dfir","dissect","python"],"latest_commit_sha":null,"homepage":"https://docs.dissect.tools/en/latest/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fox-it.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-21T08:26:05.000Z","updated_at":"2024-06-07T15:19:41.183Z","dependencies_parsed_at":"2022-10-04T15:04:49.391Z","dependency_job_id":"253ef444-aff3-4503-99e4-9e65702f777b","html_url":"https://github.com/fox-it/dissect","commit_stats":{"total_commits":22,"total_committers":6,"mean_commits":"3.6666666666666665","dds":0.5,"last_synced_commit":"f282405599139034af095e6a50012ecfefb11c54"},"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fdissect","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fd
issect/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fdissect/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fdissect/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fox-it","download_url":"https://codeload.github.com/fox-it/dissect/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247838392,"owners_count":21004577,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dfir","dissect","python"],"created_at":"2024-08-01T02:00:35.051Z","updated_at":"2025-04-08T12:02:07.856Z","avatar_url":"https://github.com/fox-it.png","language":null,"readme":"# dissect\n\nDissect is a digital forensics \u0026 incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).\n\nThis project is a meta package, it will install all other Dissect modules with the right combination of versions. For\nmore information, please see [the documentation](https://docs.dissect.tools/).\n\n## What is Dissect?\n\nDissect is an incident response framework built from various parsers and implementations of file formats. 
Tying this all together, Dissect allows you to work with tools named `target-query` and `target-shell` to quickly gain access to forensic artefacts, such as Runkeys, Prefetch files, and Windows Event Logs, just to name a few!\n\n**Singular approach**\n\nAnd the best thing: all in a singular way, regardless of underlying container (E01, VMDK, QCoW), filesystem (NTFS, ExtFS, FFS), or Operating System (Windows, Linux, ESXi) structure / combination. You no longer have to bother extracting files from your forensic container, mounting them (in case of VMDKs and such), retrieving the MFT, and parsing it using a separate tool, to finally create a timeline to analyse. This is all handled under the hood by Dissect in a user-friendly manner.\n\nIf we take the example above, you can start analysing parsed MFT entries by just using a command like `target-query -f mft \u003cPATH_TO_YOUR_IMAGE\u003e`!\n\n**Create a lightweight container using Acquire**\n\nDissect also provides you with a tool called `acquire`. You can deploy this tool on endpoint(s) to create a lightweight container of these machine(s). Conveniently, you can also deploy `acquire` on a hypervisor to quickly create lightweight containers of all the (running) virtual machines on it! All without having to worry about file-locks. These lightweight containers can then be analysed using tools like `target-query` and `target-shell`, but feel free to use other tools as well.\n\n**A modular setup**\n\nDissect is made with a modular approach in mind. This means that each individual project can be used on its own (or in combination) to create a completely new tool for your engagement or future use!\n\n**Try it out now!**\n\nInterested in trying it out for yourself? You can simply `pip install dissect` and start using the `target-*` tooling right away. Or you can use the interactive playground at https://try.dissect.tools to try Dissect in your browser.\n\nDon’t know where to start? 
Check out the [introduction page](https://docs.dissect.tools/en/latest/usage/introduction.html).\n\nWant to get a detailed overview? Check out the [overview page](https://docs.dissect.tools/en/latest/overview/).\n\nWant to read everything? Check out the [documentation](https://docs.dissect.tools).\n\n## Projects\n\nDissect currently consists of the following projects.\n\n- [dissect.archive](https://github.com/fox-it/dissect.archive)\n- [dissect.btrfs](https://github.com/fox-it/dissect.btrfs)\n- [dissect.cim](https://github.com/fox-it/dissect.cim)\n- [dissect.clfs](https://github.com/fox-it/dissect.clfs)\n- [dissect.cstruct](https://github.com/fox-it/dissect.cstruct)\n- [dissect.esedb](https://github.com/fox-it/dissect.esedb)\n- [dissect.etl](https://github.com/fox-it/dissect.etl)\n- [dissect.eventlog](https://github.com/fox-it/dissect.eventlog)\n- [dissect.evidence](https://github.com/fox-it/dissect.evidence)\n- [dissect.executable](https://github.com/fox-it/dissect.executable)\n- [dissect.extfs](https://github.com/fox-it/dissect.extfs)\n- [dissect.fat](https://github.com/fox-it/dissect.fat)\n- [dissect.ffs](https://github.com/fox-it/dissect.ffs)\n- [dissect.fve](https://github.com/fox-it/dissect.fve)\n- [dissect.hypervisor](https://github.com/fox-it/dissect.hypervisor)\n- [dissect.jffs](https://github.com/fox-it/dissect.jffs)\n- [dissect.ntfs](https://github.com/fox-it/dissect.ntfs)\n- [dissect.ole](https://github.com/fox-it/dissect.ole)\n- [dissect.regf](https://github.com/fox-it/dissect.regf)\n- [dissect.shellitem](https://github.com/fox-it/dissect.shellitem)\n- [dissect.sql](https://github.com/fox-it/dissect.sql)\n- [dissect.squashfs](https://github.com/fox-it/dissect.squashfs)\n- [dissect.target](https://github.com/fox-it/dissect.target)\n- [dissect.thumbcache](https://github.com/fox-it/dissect.thumbcache)\n- [dissect.util](https://github.com/fox-it/dissect.util)\n- [dissect.vmfs](https://github.com/fox-it/dissect.vmfs)\n- 
[dissect.volume](https://github.com/fox-it/dissect.volume)\n- [dissect.xfs](https://github.com/fox-it/dissect.xfs)\n\n### Related\n\nThese projects are closely related to Dissect, but not installed by this meta package.\n\n- [acquire](https://github.com/fox-it/acquire)\n- [flow.record](https://github.com/fox-it/flow.record)\n\n## Requirements\n\nThis project is part of the Dissect framework and requires Python.\n\nInformation on the supported Python versions can be found in the Getting Started section of [the documentation](https://docs.dissect.tools/en/latest/index.html#getting-started).\n\n## Installation\n\n`dissect` is available on [PyPI](https://pypi.org/project/dissect/).\n\n```bash\npip install dissect\n```\n\n## Build and test instructions\n\nThis project uses `tox` to build source and wheel distributions. Run the following command from the root folder to build\nthese:\n\n```bash\ntox -e build\n```\n\nThe build artifacts can be found in the `dist/` directory.\n\n`tox` is also used to run linting and unit tests in a self-contained environment. To run both linting and unit tests\nusing the default installed Python version, run:\n\n```bash\ntox\n```\n\nFor a more elaborate explanation on how to build and test the project, please see [the\ndocumentation](https://docs.dissect.tools/en/latest/contributing/tooling.html).\n\n## Contributing\n\nThe Dissect project encourages any contribution to the codebase. To make your contribution fit into the project, please\nrefer to [the development guide](https://docs.dissect.tools/en/latest/contributing/developing.html).\n\n## Copyright and license\n\nDissect is released as open source by Fox-IT (\u003chttps://www.fox-it.com\u003e) part of NCC Group Plc\n(\u003chttps://www.nccgroup.com\u003e).\n\nDeveloped by the Dissect Team (\u003cdissect@fox-it.com\u003e) and made available at \u003chttps://github.com/fox-it/dissect\u003e.\n\nLicense terms: AGPL3 (\u003chttps://www.gnu.org/licenses/agpl-3.0.html\u003e). 
For more information, see the LICENSE file.\n","funding_links":[],"categories":["IR Tools Collection","Tools"],"sub_categories":["All-In-One Tools","Frameworks"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffox-it%2Fdissect","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffox-it%2Fdissect","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffox-it%2Fdissect/lists"}