
CyLR
#Incident Management #Digital Forensics
Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.
The CyLR Tool for Forensic Data Collection
The CyLR tool efficiently collects forensic artifacts from hosts that use NTFS file systems. It does this quickly and securely, while also minimizing the impact on the host system.
Efficient Data Collection and Artifact Acquisition
CyLR collects raw files quickly without relying on the Windows API. By default, it collects key artifacts and allows you to specify custom targets. It can acquire special files and files that are currently in use. You can use glob and regular expression patterns to define custom targets. Data is collected into a zip file with customizable settings, and you have the option to specify an SFTP destination for the file archive. CyLR operates on .NET Core and runs natively on Windows, Linux, and macOS.