Interactive
Eye Describe Anatomy
Explore the binary structure and logic of Windows artifacts through interactive modules. The same knowledge base grounds Eye AI, Crow-Eye's forensic AI assistant.
Visualizer
Prefetch Anatomy
Interactive forensic dissection of Windows Prefetch (.pf) files. Visualize headers, file metrics, and execution history.
Explore Anatomy
Visualizer
LNK File Anatomy
Interactive breakdown of the ShellLink (.LNK) binary format. Visualize headers, IDLists, and extra data blocks.
Explore Anatomy
Visualizer
NTFS MFT Anatomy
Dissect the 1024-byte FILE record. Visualize the header, $STANDARD_INFORMATION, $FILE_NAME, $DATA, and the attribute stream.
Explore Anatomy
Visualizer
USN Journal Anatomy
NTFS's change log. Walk USN_RECORD_V2 / V3, all 24 reason flags, and the gap-analysis pattern for evicted records.
Explore Anatomy
Logic
Automatic Jump Lists Anatomy
Understand how Windows tracks frequent and recent destinations. Breakdown of the DestList and OLE structure.
View Breakdown
Logic
Custom Jump Lists Anatomy
Analysis of application-specific jump lists. Explore how pinned and custom tasks are stored.
View Analysis
System
Windows Boot Disk Explorer
Interactive exploration of UEFI/GPT boot partitions and critical forensic system files.
Explore Disk
Visualizer
Windows Process Tree
Walk the process genealogy: parent-child relationships, PID/PPID lineage, and how to spot anomalous spawns during triage.
Explore Tree