Skip to content

f0x4n6/ffind

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.github/workflows
.github/workflows
 
 
internal
internal
 
 
.gitignore
.gitignore
 
 
.goreleaser.yaml
.goreleaser.yaml
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

ffind

Find forensic artifacts in mount points or the live system.

go install go.foxforensics.dev/ffind@latest

Usage

$ ffind [-rcsuqhv] [-H CRC32|MD5|SHA1|SHA256] [-C CSV] [-Z ZIP] [MOUNT ...]

Available options:

  • -H Hash algorithm
  • -C CSV listing name
  • -Z Zip archive name
  • -r Relative paths
  • -c Volume shadow copy
  • -s System artifacts only
  • -u User artifacts only
  • -q Quiet mode
  • -h Show usage
  • -v Show version

Artifacts

Supported artifacts for Windows 7+ systems:

License

Released under the MIT License.

About

Find forensic artifacts in mount points or the live system. Part of the Forensic Artifacts Collecting Toolkit.

pkg.go.dev/go.foxforensics.dev/ffind

Topics

go windows pipeline dfir artifacts fact forensic forensic-tools forensic-tool ffind

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 4

v0.5.6 Latest
Mar 28, 2026
+ 3 releases

Contributors 1

Languages