A shell pipeline for extracting forensic artifacts from disk images in ECS format. Important artifacts will be processed and provided for ingestion with Logstash.
# fmount disk.raw | ffind | flog -D logstashMount various disk images for forensic read-only processing.
Find forensic artifacts in mount points or the live system.
Log forensic artifacts as JSON in ECS format.
All released under the MIT License.