FACT is designed to automate repetitive tasks, reduce examiner effort, and expedite investigations by extracting vital artifacts from a mounted device and then applying advanced intelligence to uncover details.
- It provides a wealth of essential details about the target device, including hostname, IP address, domain accounts, local accounts, and many more.
- One of its standout features is the ability to construct a comprehensive timeline by detecting key events in the event logs, offering a clear chronology of the activities performed on the target device.
- FACT currently focuses on key events pertaining to account logon activity, suspicious RDP connections, new account creation/deletion, software installation/uninstallation, event log clearing, and Windows Defender event analysis.
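To make the timeline idea concrete, here is an added sketch (not FACT's own code) that reduces already-parsed event records to the key-event categories listed above and orders them chronologically. The event IDs are standard Windows ones; the record layout, the `build_timeline` name, the category mapping and the "RDP source outside RFC 1918 ranges" heuristic are assumptions made for this example.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

RDP = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
DEFENDER = "Microsoft-Windows-Windows Defender/Operational"
# (channel, event ID) -> category. Keyed on both because the same ID means
# different things in different channels. Assumed mapping, not FACT's rule set.
KEY_EVENTS = {
    ("Security", 4624): "Account logon (success)",
    ("Security", 4625): "Account logon (failure)",
    ("Security", 4720): "Account created",
    ("Security", 4726): "Account deleted",
    ("Security", 1102): "Event log cleared",
    ("System", 104): "Event log cleared",
    (RDP, 1149): "RDP connection",
    ("Application", 11707): "Software installed",
    ("Application", 11724): "Software uninstalled",
    (DEFENDER, 1116): "Defender detection",
}
# Assumed heuristic: an RDP source outside these ranges is worth a closer look.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_timeline(records):
    """Return (timestamp, category, detail) rows for key events, oldest first."""
    rows = []
    for r in records:
        category = KEY_EVENTS.get((r["channel"], r["id"]))
        if category is None:
            continue  # not one of the key events
        src = r.get("src_ip")
        external = src and not any(ip_address(src) in net for net in INTERNAL)
        if category == "RDP connection" and external:
            category = "Suspicious RDP connection (external source)"
        rows.append((datetime.fromisoformat(r["time"]), category, r["detail"]))
    return sorted(rows, key=lambda row: row[0])

# Constructed sample records (not taken from a real device).
SAMPLE = [
    {"time": "2024-03-01T09:15:02+00:00", "channel": "Security", "id": 4720, "detail": "backup_svc created"},
    {"time": "2024-03-01T09:02:41+00:00", "channel": RDP, "id": 1149,
     "detail": "user admin", "src_ip": "203.0.113.7"},
    {"time": "2024-03-01T09:40:10+00:00", "channel": "Security", "id": 1102, "detail": "cleared by admin"},
    {"time": "2024-03-01T09:20:00+00:00", "channel": "Application", "id": 1102, "detail": "unrelated"},
    {"time": "2024-03-01T08:55:00+00:00", "channel": RDP, "id": 1149,
     "detail": "user helpdesk", "src_ip": "192.168.1.20"},
]
if __name__ == "__main__":
    for when, category, detail in build_timeline(SAMPLE):
        print(when.isoformat(), category, detail, sep=" | ")
```

The Application-channel record with ID 1102 is dropped on purpose: only the Security-channel 1102 means the audit log was cleared.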
FACT uses a number of tools you may have used before, such as Arsenal Image Mounter, RegRipper, KAPE, CyLR, Eric Zimmerman's tools, and the Flask framework.
- And of course, FACT itself is open source, with a public repository on GitHub.
Just download the FACT executable from the following link: FACT, and run it as Administrator.
That's all it requires!
Want to contribute? Reach out to us via email "[email protected]"
MIT
** Free Software **