AI-powered investigative analytics platform for eDiscovery, data privacy & fraud

WindowsSCOPE

A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.

Intezer

Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.

Intelligence-Driven Incident Response

ENISA Training Resources offers online training material for cybersecurity specialists, covering technical areas such as artefact handling and analysis.

Binwalk

Binwalk is a firmware analysis tool that enables reverse engineering and extraction of embedded file systems and archives from firmware images.

Zeek Analysis Tools (ZAT)

ZAT is a Python package that processes and analyzes Zeek network security data using machine learning libraries like Pandas, scikit-learn, Kafka, and Spark.

StegoVeritas

A versatile steganography tool with various installation options and detailed usage instructions.

Aurora Incident Response

Incident Response Documentation tool for tracking findings and tasks.

Movfuscator-Be-Gone

A de-obfuscator for M/o/Vfuscator, a notorious obfuscator, designed to reverse the effects of M/o/Vfuscator's obfuscation.

zed-0xff zsteg

Detects steganography-hidden data in PNG and BMP image files

StegSolve

StegSolve is a steganography analysis tool with image analysis features.

ANY.RUN

Interactive malware hunting service with live access to the heart of an incident.

Radare2

A powerful reverse engineering framework

Red Hand Analyzer

Red Hand Analyzer is an online tool that provides automated behavioral analysis of PCAP files to detect malicious network activities and security vulnerabilities without decrypting traffic content.

smartmontools

A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.

USBPcapOdinDumper

A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.

OCyara

OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.

Andriller CE (Community Edition)

A software utility with forensic tools for smartphones, offering powerful data extraction and decoding capabilities.

Cyber Incident Response Playbook Battle Cards

A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.

Mobile Verification Toolkit (MVT)

A forensic toolkit for analyzing Android and iOS devices to detect potential spyware infections and security compromises using indicators of compromise.

APFS FUSE Driver for Linux

A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.

Yara Pattern Scanner

A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.

Steghide

Steghide is a steganography program for hiding data in image and audio files.

Granef

A network forensics toolkit that transforms network traffic data into graph-based representations for interactive analysis and visualization through a web interface.

iLEAPP

A forensic analysis tool that extracts and parses logs, notifications, and system information from iOS/iPadOS devices and backups.

ORNA End-to-End AI Cyber Incident Response Platform

AI-powered cyber incident response platform for training, orchestration & mgmt

Kanvas

An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.

Seqrite Malware Analysis Platform

Malware analysis platform for detecting and analyzing threats via sandbox

AhnLab A-FIRST Digital Forensics Service

Digital forensics service for incident analysis and APT response

Cyber Triage Cyber Triage Collector

Standalone DFIR data collector for Windows systems with adaptive collection

Cyber Triage Malware Forensics Tool

Malware scanning tool for DFIR using 40+ engines from ReversingLabs

Exterro FTK Imager Pro

Forensic imaging tool for disk acquisition, iOS collection, and encryption

Exterro FTK Forensic Toolkit

Digital forensics suite for processing, analyzing & reporting computer/mobile data

Exterro Assist for Data

AI-powered data management system for forensics, e-discovery, and privacy

ORNA Breach Response & Digital Forensics

24/7 breach response and digital forensics service for incident handling

GroupSense Ransomware Readiness

Ransomware preparedness & response service with playbooks and negotiation

Sucuri Website Malware Removal & Protection

Website malware removal service with WAF, monitoring, and cleanup support

GrammaTech DDisasm

Fast disassembler producing reassemblable assembly code using Datalog

Allgress Simplified Incident Management

Incident management platform for tracking and responding to security incidents

Nuix Investigate

Digital forensics & investigation platform for analyzing evidence & cases

Nuix Workstation

Data processing & analysis platform for eDiscovery, investigations & forensics

Nuix Rampiva

eDiscovery workflow automation platform for legal hold to review processes

Nuix Transform

Data analysis platform for transforming data into actionable intelligence

Nuix Enterprise Collection Center

Data collection tool for eDiscovery, investigations, and forensics

CybrHawk Incident Response – IR One

NIST-aligned DFIR platform for incident containment, investigation, and recovery

CybrHawk Incident Response

Incident response & management service for detecting, containing & recovering

Axence ConnectPro

Remote access and IT support tool for workstation management and diagnostics

Resolver Investigation & Case Management Software

AI-assisted case management software for investigations and incident response

VikingCloud Digital Forensics Services

Digital forensics & incident response services for cyber incident investigation

SolarWinds Incident Response

Incident response platform for alert management, collaboration, and remediation

ERM Protect Digital Forensics

Digital forensics services provided by ERM Protect

Viettel Compromise Assessment (VCS-CA)

Proactive service scanning systems for signs of past/ongoing breaches & malware

ReversingLabs Spectra Analyze

Malware analysis platform for SOC teams with binary analysis and threat detection

CatchProbe Cognitive Analytx

Investigation platform for digital forensics and incident analysis

CatchProbe CrimeGround

Investigation and case management system for cybersecurity incidents

Grafana Incident

Incident management tool for automating response workflows in Grafana Cloud

Cloudaware Not Found

Incident management platform for cloud environments

CYGNVS Incident Response

Out-of-band incident response platform for cyber incident lifecycle management

CYGNVS

Incident response platform for cyber crisis management and collaboration

CYGNVS AI

Incident response platform for preparation, practice, response, and reporting

eSentire Digital Forensics and Incident Response

DFIR service with unlimited incident response and threat suppression

GM Sectec Digital Forensics and Incident Response

DFIR services with PCI SSC certified lab for cybercrime investigation

Intersec Worldwide DFIR

DFIR services for cyber incident investigation and remediation

LimaCharlie Incident Response

Centralized IR platform for threat visibility, detection, and rapid deployment

LimaCharlie Responder

Automates initial incident assessment and forensics gathering via host sweeps.

LimaCharlie Memory/MFT Dumper

Automates memory and MFT dumps at scale for forensic analysis on Windows hosts

Menlo Security Browsing Forensics

Browser session recording & forensics for incident investigation & analysis

NIKSUN® NikOS Everest™

Network forensics platform with packet capture and analytics capabilities

Relativity Data Breach Response

AI-powered data breach response platform for identifying PI/PHI and notifications

Seculetter Malware Analysis

Malware analysis platform by Seculetter

SecurityScorecard Digital Forensics & Incident Response

DFIR service for breach investigation, containment, and remediation

Tanium Security Operations

Unified platform for incident detection, investigation, containment & remediation

Tanium Threat Response

Real-time endpoint threat investigation and incident response platform

Cytactic Cyber Crisis Management Platform

Platform for cyber crisis readiness, response management, and recovery

Cytactic

Cyber crisis management platform for incident response and preparedness

COGNNA Compromise Assessment

AI-powered compromise assessment with APT detection and digital forensics

HERO Breach Verification

Rapid breach verification service to confirm suspected cyber incidents

Cyber Triage Enterprise

DFIR platform for endpoint triage & investigation with EDR telemetry import

ANA Cyber Digital Forensic Investigation

Digital forensic investigation services for evidence collection and analysis

ANA Cyber Forensic Cyber Crime and Fraud Investigation

Cybercrime and fraud investigation services with digital forensics

AnChain.AI CISO™

Blockchain analytics platform for crypto compliance and investigations

BreachRx Incident Response Management Platform

SaaS platform for managing cybersecurity incident and data breach response

CyberContract Incident Management

24/7 cyber incident response service with forensics, legal, and recovery support

Dreamlab Cyberincident Response and Forensics

Incident response and forensics service for cyber attack investigation

Digital Forensics and Incident Response

DFIR service for breach investigation, evidence preservation, and recovery.

HexPrism

HexPrism is a fast, privacy-first hex editor built for CTFs and digital forensics.

Actifile Digital Forensics

Automated digital forensics tool for real-time data activity monitoring and IR.

AISI DFIR

Managed DFIR service with proprietary tools for forensics & IR.

Arc4dia Snow Cloud

Cloud backend for SNOW platform: telemetry storage, ML anomaly detection & IR.

Arc4dia Real-Time Forensic Analysis

Real-time intrusion detection and forensic analysis service powered by SNOW.

Avigilon Security Cameras & VMS

Cloud & on-premise video security cameras and VMS with AI analytics.

Bluedog Compromise Assessment

Managed service to detect active/recent threat actors in org networks.

BullWall Ransomware Containment

Agentless ransomware detection and containment via behavioral analysis.

CDSG WiebeTech

Hardware write-blockers & forensic tools for secure digital evidence handling.

CimTrak Integrity Suite

File integrity monitoring suite for breach detection, remediation & compliance.

Command Zero Platform

AI-augmented platform for SOC investigations, threat hunting & IR.

Cognni Incident Investigation

Incident investigation tool for info risks, user activity, and file exposure.

Critical Start CIRT

IR and digital forensics services for breach response and incident readiness.

CSPi Myricom nVoy Series AIR

Automated network packet recording and breach investigation tool for IR teams.

CyberClan eDiscovery Investigations

Managed eDiscovery service for ESI collection and review after cyber breaches.

Elcomsoft Distributed Password Recovery

Distributed GPU-accelerated password recovery for 300+ file/encryption formats.

Elcomsoft Mobile Forensic Bundle

Mobile forensic bundle for physical, logical & OTA acquisition of iOS/Android/cloud.

ElcomSoft Advanced PDF Password Recovery

Recovers/removes passwords and restrictions from encrypted PDF files.

ElcomSoft Advanced Office Password Recovery

Password recovery tool for MS Office, WordPerfect, Lotus & other office docs.

ElcomSoft Advanced EFS Data Recovery

Decrypts EFS-protected files on NTFS volumes across Windows versions.

ElcomSoft Adv. Archive Password Recovery

Password recovery tool for encrypted ZIP, 7Zip, and RAR archives.

Endace EndaceProbe

Always-on network packet capture for forensics, IR, and compliance.

Enginsight FIM

FIM tool monitoring critical files for unauthorized changes across OS platforms.

Exigence Status Page

Purpose-built status page platform for targeted incident communications.

Exigence

Centralized IT & security incident mgmt platform with automation & AI.

Exigence Platform-Based IR Planning

Out-of-band IR planning platform with tabletop drills for MSPs & enterprises.

Exigence Incident Response Platform

Process-driven IR platform for IR firms managing breached client incidents.

Exigence Platform

End-to-end incident management platform for IR teams, MSPs, and enterprises.

Exigence IR Planning Platform

IR planning platform for MSPs/MSSPs with templates, tabletops & multi-tenancy.

GLIMPS Audit

Automatic binary reverse-engineering tool for library ID across architectures.

GLIMPS Malware Expert

Deep learning-based malware analysis & threat contextualization platform.

GLIMPS Malware Kiosk

File malware analysis portal for end users using deep learning detection.

IntaForensics Digital Investigation Svcs

Expert digital forensics investigation service for criminal, civil & corporate cases.

IntaForensics Cell Site Analysis

Accredited forensic cell site geolocation analysis for criminal investigations.

IntaForensics e-Discovery Services

Professional e-discovery service for ESI identification, collection & review.

IntaForensics Digital Forensics Service

Professional digital forensics service for legal & criminal investigations.

Joe Security Joe Lab

Cloud-based bare-metal malware analysis lab for SOC, CERT & CIRT teams.

Joe Sandbox DEC

Plugin that decompiles malware PE files into readable C code using hybrid analysis.

Joe Security Joe Reverser

Agentic AI tool for automated malware reverse engineering & phishing analysis.

LiveAction Incident Response

Network packet capture & forensics tool for security incident investigations.

LiveAction LiveWire

High-speed network packet capture & forensics appliance for NetOps & SecOps.

MailXaminer Email Content Analysis

Email forensic tool for analyzing email headers, body, and attachments.

MailXaminer

Windows-based email forensics tool for evidence recovery and analysis.

MailXaminer Skin Tone Analysis

Email forensics tool that detects objectionable images via skin tone analysis.

MailXaminer Outlook Exporter EnCase Plugin

EnCase plugin to export forensic email records to PST without Outlook.

MailXaminer MIME Header Analyzer

Email forensics tool for analyzing MIME header fields across 20+ formats.

MailXaminer Email Decryption

Decrypts S/MIME & OpenPGP emails from PST/OST/EDB for forensic analysis.

MailXaminer Computer Forensic Tool

Email-focused digital forensics tool for evidence acquisition, analysis & reporting.

Malwation Automated Malware Analysis

Automated malware analysis via hypervisor-level sandbox & static analysis.

Malwation Threat.Zone

Multi-OS malware analysis platform with sandbox, static analysis & URL scanning.

Malwation Malware Analysis Lab

Manual malware analysis lab with CSI module for in-depth threat inspection.

NFIR Digital Forensic Investigation

Professional digital forensics service covering breaches, fraud, and OSINT.

OWN-CERT

Inter-company CERT service offering DFIR & CTI for orgs of all sizes.

OWN OWN-CERT

Inter-enterprise CERT service offering 24/7 DFIR & CTI for orgs of all sizes.

Pen Test Partners Digital Forensics Expert Witness

Expert witness & digital forensics service for legal proceedings.

Pen Test Partners Digital Forensic Investigations

Professional digital forensics service for evidence collection, analysis & legal support.

S2T GoldenSpear Data Discovery

AI-powered data lake for structured/unstructured data discovery & analysis.

SafeAeon DFIR-as-a-Service

Managed DFIR service for investigating and responding to cyber incidents.

SafenSoft SoftControl Change Monitoring

FIM and config change monitoring tool with baseline deviation detection.

SECNORA Digital Forensics Services

Professional digital forensics services covering computers, mobile, and media.

ShadowDragon Investigate

OSINT-driven link analysis tool for mapping entity relationships visually.

ShadowDragon Horizon Identity

OSINT tool for digital identity investigation across 600+ public sources.

SOClogix Digital Forensics

Digital forensics service for data recovery, analysis, and incident investigation.

Stairwell Intelligent Analysis

AI-powered file analysis platform delivering malware verdicts in natural language.

Stairwell Run to Ground

Turns a single IOC or hash into a full malware campaign investigation view.

Stairwell Variant Discovery

Expands a single malware hash into full family visibility via structural analysis.

StealthMole Telegram Tracker

OSINT tool for investigating cybercrime activity on Telegram.

SysTools

Suite of data forensics, migration, backup, and cybersecurity tools/services.

Unknown Cyber Magic™

AI-powered malware analysis & threat research platform with chat interface.

WetStone Labs

Cybersecurity & digital forensics software for malware detection and DFIR.

XTN Cognitive Security

Digital fraud prevention & detection platform for finance and e-commerce.

xxd

A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.

libsmdev

A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.

VX-Underground

VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.

libevt

libevt is a library to access and parse Windows Event Log (EVT) files.

stegextract

Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.

Volatility 3

A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.

MalShare.com

A community-driven public malware repository providing access to malware samples, tools, and resources for the cybersecurity community.

libevtx

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

PSRecon

A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.

libqcow

A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.

The DFIR Report

In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.

Mastiff

A static analysis framework for extracting key characteristics from various file formats

Redline

A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.

unfurl

Unfurl is a URL analysis tool that extracts and visualizes data from URLs, breaking them down into components and presenting the information visually.

libmsiecf

A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.

libsmraw

A library to access and manipulate RAW image files.

Hybrid-Analysis

Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.

Practical Memory Forensics

A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.

CAPA

CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.

libesedb

A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.

cabextract

Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.

libregf

A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.

dfvfs

A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.

Viper

A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.

Cyber Triage Automated Investigation Platform

Automated DFIR platform for rapid incident investigation and endpoint triage

libfsntfs

A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.

THOR Lite

A free, fast, and flexible multi-platform IOC and YARA scanner for Windows, Linux, and macOS.

floss

A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.

WayBackMachine

A digital archive of the internet, allowing users to capture and browse archived web pages.

testdisk

TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.

libfvde

A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.

c-aff4

An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.

Echotrail Insights

Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.

libolecf

A library for accessing and parsing OLE 2 Compound File (OLECF) format files, including Microsoft Office documents and thumbs.db files.

LastActivityView

A tool that collects and displays user activity and system events on a Windows system.

manalyze

A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.

RTIR

Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.

libfwnt

A library for working with Windows NT data types, providing access and manipulation functions.

The Sleuth Kit & Autopsy

Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.

artifactcollector

A software that collects forensic artifacts on systems for forensic investigations.

sniffle

A Bluetooth 5 and 4.x sniffer using TI CC1352/CC26x2 hardware with advanced features and Python-based host-side software.

PhotoRec

A free, open-source file data recovery software that can recover lost files from hard disks, CD-ROMs, and digital camera memory.

jpeginfo

A command-line tool that extracts detailed technical information, metadata, and checksums from JPEG image files with support for multiple output formats.

Forensic Registry EDitor (FRED)

A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.

liblnk

A library to access and parse Windows Shortcut File (LNK) format.

hivex

A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.

Art of Memory Forensics

A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.

AccessData FTK Imager

A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.

libvmdk

A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.

libewf

A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.

libvslvm

A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.

Belkasoft Evidence Center

Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.

Nomoreransom

No More Ransom is a collaborative project to combat ransomware attacks by providing decryption tools and prevention advice.

ExoneraTor

Check if an IP address was used as a Tor relay on a given date.

Recon

A file search and query tool for ops and security experts.

Metadefender Cloud

Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.

libfsapfs

A library and tools to access and analyze APFS file systems

CyberCPR

Incident response and case management solution for efficient incident response and management.

strings

A command-line utility for extracting human-readable text from binary files.

xmlstarlet

XMLStarlet offers a suite of command line utilities for manipulating and querying XML documents.

win10upgrade

MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.

dc3dd

dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.

Valkyrie Comodo

Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.

edb

edb is a powerful debugger for Linux binaries, enhancing reverse engineering efforts with a user-friendly interface and extensible plugins.

Magnet ACQUIRE

Magnet ACQUIRE offers robust data extraction capabilities for digital forensics investigations, supporting a wide range of devices.

