Thanks to visit codestin.com
Credit goes to Github.com

Skip to content
/ ffind Public

Find forensic artifacts in mount points or the live system. Part of the Forensic Artifacts Collecting Toolkit.

pkg.go.dev/github.com/cuhsat/ffind

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cuhsat/ffind

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.github/workflows
.github/workflows
 
 
internal
internal
 
 
.gitignore
.gitignore
 
 
.goreleaser.yaml
.goreleaser.yaml
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

ffind

Go Reference Go Report Card Release

Find forensic artifacts in mount points or the live system.

go install github.com/cuhsat/ffind@latest

Usage

$ ffind [-rcsuqhv] [-H CRC32|MD5|SHA1|SHA256] [-C CSV] [-Z ZIP] [MOUNT ...]

Available options:

  • -H Hash algorithm
  • -C CSV listing name
  • -Z Zip archive name
  • -r Relative paths
  • -c Volume shadow copy
  • -s System artifacts only
  • -u User artifacts only
  • -q Quiet mode
  • -h Show usage
  • -v Show version

Aritfacts

Supported artifacts for Windows 7+ systems:

License

Released under the MIT License.

About

Find forensic artifacts in mount points or the live system. Part of the Forensic Artifacts Collecting Toolkit.

pkg.go.dev/github.com/cuhsat/ffind

Topics

go windows pipeline dfir artifacts fact forensic forensic-tools forensic-tool ffind

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v0.5.3 Latest
Aug 19, 2025

Languages