Here are 3 public repositories matching this topic...
PE (Windows executable) forensic analyzer — pe-core parses PE32/PE64 headers (sections, imports, entropy); pe-analysis grades MITRE-tagged anomalies (suspicious imports, packing/entropy, process-injection IOCs)
From-scratch systemd journal (.journal) forensic reader — parse entries without journalctl/systemd, carve from unallocated space, and flag tampering (sequence gaps, timestamp regressions, truncation, online-state)
From-scratch NTFS reader (ntfs-core: MFT, attributes, indexes, data runs, LZNT1, $UsnJrnl:$J change journal over Read+Seek) plus a graded anomaly auditor (ntfs-forensic: timestomping, alternate data streams, deleted records, MFT/LogFile tamper checks) — panic-free, fuzzed, no unsafe
Updated Jun 10, 2026 · Rust