https://github.com/dfir-dd/kirby
A script to parse several forensic artifacts from given Windows (triage) images, using dissect
cli dfir digital-forensics dissect forensics forensics-tools python
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/dfir-dd/kirby
- Owner: dfir-dd
- License: gpl-3.0
- Created: 2023-10-06T10:39:53.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-05-31T12:00:29.000Z (about 2 years ago)
- Last Synced: 2025-02-01T10:42:48.411Z (over 1 year ago)
- Topics: cli, dfir, digital-forensics, dissect, forensics, forensics-tools, python
- Language: Python
- Homepage: https://github.com/dfir-dd/kirby/
- Size: 1.01 MB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# kirby
A cute script to parse several forensic artifacts from given Windows (triage) images, using [dissect](https://github.com/fox-it/dissect).
## Usage
```
usage: kirby [-h] -o OUTPUT [--overwrite] TARGETS [TARGETS ...]

parse forensic artifacts from windows images, using dissect

positional arguments:
  TARGETS               Path to single target or directory with multiple targets to parse

options:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        Specify the output directory
  --overwrite           overwrite destination directory
```
## Output
- hostinfo.csv - hostinfo of all targets parsed
- Directory (named after the hostname of the image) including:
  - hostinfo_\.csv - with the hostname, domain, Windows version, install date, language, timezone, IPs and users
  - other output of different dissect plugins