-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Eduardo Aguiar edited this page Dec 30, 2025
·
6 revisions
Welcome to the official wiki for Mobius Forensic Toolkit, an open-source digital forensics framework designed for case management, evidence processing, and extensible artifact analysis.
Mobius Forensic Toolkit is a powerful, modular tool written in C++20 and Python 3, providing both native C++ and Python APIs for flexibility and custom development.
It specializes in:
- Forensic image and device handling
- Windows artifact decryption and registry reconstruction
- In-depth parsing of browsers, P2P clients, and communication apps
- Customizable case profiles for controlled evidence collection
The project is hosted on GitHub: eduardoaguiar-oss/mobiusft
- Home (you are here)
- Getting-Started
- Installation
- User-Guide
- Supported-Applications
- Extension-Development
- Case-Profiles
- Changelog
- Screenshots
- Contributing
- Links
- Broad Data Source Support — Native handling of forensic images (RAW, EWF, VHD/VHDX, MSR, etc.), physical devices, and Cellebrite UFDR files with automatic MSR decryption.
- Windows Artifact Recovery — Automatic decryption of secrets (DPAPI blobs, LSA, Wi-Fi passwords) and full logical Windows Registry reconstruction.
- Case Management — Organize multiple evidence sources in a single case with customizable processing profiles.
-
Extensibility — Create custom C++ or Python extensions; modern
vfs_processor_implarchitecture for profile-aware processing. - Application Parsing — Deep support for Chromium-based browsers, Skype (v4–14), P2P clients (eMule/aMule, µTorrent/Web, Ares, Shareaza), and more.
- Integration — Enhanced IPED frontend with memory controls and resume capability.
- Downloads: Latest releases at GitHub Releases
- Source Code: GitHub Repository
- Issue Tracker: Report bugs or request features here
- Legacy Homepage: nongnu.org/mobiusft
Thank you for using Mobius Forensic Toolkit! Your feedback helps improve the project.