The Cold Disk Quick Response (CDQR) is a fast and easy to use forensic artifact parsing tool that can be used on both disk images and mounted drives, and extracts artifacts from Windows, Linux and OS X devices.
This program uses Plaso and a streamlined list of parsers to quickly analyze a forenisic image file (dd, E01, .vmdk, etc) or group of forensic artifacts. The results are output in the following report files in CSV format:
- 14 Reports for DATT: Event Logs, File System, MFT, UsnJrnl, Internet History, Prefetch, Registry, Scheduled Tasks, Persistence, System Information, AntiVirus, Firewall, Mac, and Linux
- 12 Reports for Win: Event Logs, File System, MFT, UsnJrnl, Internet History, Prefetch, Registry, Scheduled Tasks, Persistence, System Information, AntiVirus, Firewall
- 7 Reports for Mac and Linux: File System, Internet History, System Information, AntiVirus, Firewall, Mac, and Linux
Comments are closed.