Top picks: Joe Sandbox DEC, WindowsSCOPE, CAPA — plus 45 more compared.
Security Operationshollows_hunter is a free tool. Security professionals most commonly compare it with . All 48 alternatives are matched by shared capabilities, tags, and NIST CSF 2.0 coverage.
A closer look at the 8 most relevant alternatives and competitors to hollows_hunter, including their key features and shared capabilities.
Plugin that decompiles malware PE files into readable C code using hybrid analysis.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
Automated collection tool for incident response triage in Windows systems.
Capa is a malware analysis tool that detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode, and sandbox reports to identify potential malicious behaviors with ATT&CK framework mapping.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
Remote access and IT support tool for workstation management and diagnostics
Recovers/removes passwords and restrictions from encrypted PDF files.
Plugin that decompiles malware PE files into readable C code using hybrid analysis.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
Automated collection tool for incident response triage in Windows systems.
Capa is a malware analysis tool that detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode, and sandbox reports to identify potential malicious behaviors with ATT&CK framework mapping.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
Remote access and IT support tool for workstation management and diagnostics
Recovers/removes passwords and restrictions from encrypted PDF files.
Password recovery tool for MS Office, WordPerfect, Lotus & other office docs.
Decrypts EFS-protected files on NTFS volumes across Windows versions.
Password recovery tool for encrypted ZIP, 7Zip, and RAR archives.
Windows-based email forensics tool for evidence recovery and analysis.
FIM and config change monitoring tool with baseline deviation detection.
DFIR platform automating investigation, evidence collection, and IR.
Digital forensics platform for evidence acquisition, analysis, and DFIR.
Incident Response Documentation tool for tracking findings and tasks.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
libevt is a library to access and parse Windows Event Log (EVT) files.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.
A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.
A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.
A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
A tool that collects and displays user activity and system events on a Windows system.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
A library for working with Windows NT data types, providing access and manipulation functions.
Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.
A software that collects forensic artifacts on systems for forensic investigations.
A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.
A library to access and parse Windows Shortcut File (LNK) format.
A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.
A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.
Magnet ACQUIRE offers robust data extraction capabilities for digital forensics investigations, supporting a wide range of devices.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.
Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.
Scan files or process memory for Cobalt Strike beacons and parse their configuration.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.
Common questions security professionals ask when evaluating alternatives and competitors to hollows_hunter.
The most popular alternatives to hollows_hunter include Joe Sandbox DEC, WindowsSCOPE, CAPA, IRTriage, and capa. These Digital Forensics and Incident Response tools offer similar capabilities and are frequently compared by security professionals evaluating their options.
