Forensics Tools for AD
Joachim Metz and Csaba Barta have written excellent tools for forensic analysis and offline security assessment of Windows Active Directory.
Joachim Metz has written many libraries that handle various file formats with forensic analysis in mind: libesedb and his other projects on SourceForge and Google Code.
Csaba Barta uses the export of the ds database produced by libesedb and is doing excellent work parsing that data, so that offline queries and exports of data can be performed with his framework, ntdsxtract. Here is the excellent white paper about NTDS.DIT