Welcome to the Vortex Repository
This repository enables you to look under the hood of digital forensics. We believe that understanding how your operating system works shouldn't be reserved for elite security researchers. Here, you will find deep dives into specific artifacts, file formats, and system behaviors that our tools analyze.
Our Mission - Transparency in Digital Forensics
In the world of forensic science, "trust me, it works" is not an acceptable answer. An investigator must be able to explain the source of their evidence. We document the structures we parse so that you can verify our tools' output against the raw data yourself.
Vortex Forensic provides a suite of specialized utilities designed to parse, analyze and visualize complex operating system artifacts to detect malicious activity. The tools are built with performance and accuracy in mind and are completely free of tracking and bloat.
Our Tools
Vortex Viewer - Universal Execution History Viewer and Process Memory Extractor.
Vortex Prefetch - Analyze Windows Prefetch files (.pf) to track application execution.
Vortex PCA - Parser for Program Compatibility Assistant artifacts.
Vortex AmCache - Extract execution history from the AmCache hive.
Vortex FAT - File Allocation Table analyzer and file recovery tool.
Vortex MFTPlus - NTFS Parser for MFT, USN Journal, $LogFile, $I30 and $ObjId.
Vortex Web Tools - Additional web-based tools for forensic analysis or comparison.