Forensics

FSParser

A Python tool that parses raw disk images and extracts filesystem metadata directly from binary structures — MBR partition tables, FAT32 BPB, and EXT2/3/4 superblocks — with no OS calls.

Memory Forensics with Volatility — WinXP SP2 Dump Analysis

Full walkthrough of a Windows XP SP2 memory dump using Volatility 2.6.1 — 14 plugins covering process enumeration, hidden process detection, network connections, registry artifacts, kernel modules, and live memory inspection via volshell.