Best libvslvm Alternatives & Competitors in 2026

wxHexEditor

wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.

DumpItForLinux

A tool for creating compact Linux memory dumps compatible with popular debugging tools.

ChromeFreak

A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.

MailXaminer MIME Header Analyzer

Email forensics tool for analyzing MIME header fields across 20+ formats.

Cyacomb

Digital forensics tools for detecting CSAM on devices and online platforms.

StegoVeritas

A versatile steganography tool with various installation options and detailed usage instructions.

APFS FUSE Driver for Linux

A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.

Steghide

Steghide is a steganography program for hiding data in image and audio files.

iLEAPP

A forensic analysis tool that extracts and parses logs, notifications, and system information from iOS/iPadOS devices and backups.

Sysdig Stratoshark

Cloud-native system call and audit log analysis tool based on Wireshark

HexPrism

HexPrism is a fast, privacy-first hex editor built for CTFs and digital forensics.

xxd

A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.

Redline

A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.

libsmraw

A library to access and manipulate RAW image files.

libesedb

A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.

cabextract

Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.

c-aff4

An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.

libolecf

A library for accessing and parsing OLE 2 Compound File (OLECF) format files, including Microsoft Office documents and thumbs.db files.

jpeginfo

A command-line tool that extracts detailed technical information, metadata, and checksums from JPEG image files with support for multiple output formats.

libvmdk

A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.

LiME

LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.

Wipedicks

A secure file and drive wiping tool that overwrites data with randomized ASCII characters to prevent data recovery.

bstrings

A command-line string extraction utility for digital forensics that supports ASCII and Unicode string extraction from files and directories with pattern matching and filtering capabilities.

Diffy (DEPRECATED)

A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.

StegCracker

Steganography brute-force utility with performance issues, deprecated in favor of stegseek.

iPBD2 - iPhone Backup Decoder and Analyzer

Browse and analyze iPhone/iPad backups with detailed file properties and various viewers.

USN-Journal-Parser

Python script to parse the NTFS USN Change Journal.

ArtifactExtractor

A script for extracting common Windows artifacts from source images and VSCs with detailed dependencies and usage instructions.

Rifiuti2

Tool for analyzing Windows Recycle Bin INFO2 file

Truehunter

A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.

dcfldd

A modified version of GNU dd with added features like hashing and fast disk wiping.

ShadowCopy Analyzer

ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.

Chaosreader

Chaosreader is a tool for ripping files from network sniffing dumps and replaying various protocols and file transfers.

Pancake Viewer

A DFVFS backed viewer project with a WxPython GUI, aiming to enhance file extraction and viewing capabilities.

Penguin OS Forensic (or Flight) Recorder (POFR)

POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.

hashlookup-forensic-analyser

Analyse a forensic target to find and report files found and not found in hashlookup CIRCL public service.

AMExtractor

AMExtractor is an Android memory acquisition tool that dumps physical device memory using /dev/kmem without requiring kernel source code.

Magic Rescue

A tool for recovering files by scanning block devices and extracting them based on 'magic bytes' in file contents.

OS X Auditor

A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.

LiMEaide v2.0

Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.

AVML (Acquire Volatile Memory for Linux)

A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.

IE10Analyzer

IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.

WinSearchDBAnalyzer

WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.

Hoarder

Hoarder is a tool to collect and parse windows artifacts.

AuditD on Android

Porting GNU/Linux userland tools to the bionic/Linux userland of Android to provide access to the audit stream for Android applications with minimal overhead.

CyLR

CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.

Wombat Forensics

A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.

imagemounter

A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.