
unfurl is a free Digital Forensics and Incident Response tool. Security professionals most commonly compare it with . All 48 alternatives are matched by shared capabilities, tags, and NIST CSF 2.0 coverage.
A closer look at the 8 most relevant alternatives and competitors to unfurl, including their key features and shared capabilities.
A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.
A library for accessing and parsing OLE 2 Compound File (OLECF) format files, including Microsoft Office documents and thumbs.db files.
AfterGlow Cloud is a Django-based web application that allows users to upload data and generate graph visualizations through a browser interface.
A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.
AI-powered data lake for structured/unstructured data discovery & analysis.
OSINT-driven link analysis tool for mapping entity relationships visually.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.
A network forensics toolkit that transforms network traffic data into graph-based representations for interactive analysis and visualization through a web interface.
An open-source incident response case management tool
Fast disassembler producing reassemblable assembly code using Datalog
HexPrism is a fast, privacy-first hex editor built for CTFs and digital forensics.
libevt is a library to access and parse Windows Event Log (EVT) files.
A library to access and manipulate RAW image files.
Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.
A library to access and parse Windows Shortcut File (LNK) format.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.
A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.
DMG2IMG converts Apple compressed DMG archives to standard HFS+ image files supporting zlib, bzip2, and LZFSE compression formats.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
A script for extracting common Windows artifacts from source images and VSCs with detailed dependencies and usage instructions.
An OCaml Ctypes wrapper for the YARA matching engine that enables malware identification capabilities in OCaml applications.
BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.
Yaramod is a library for parsing YARA rules into AST and building new YARA rulesets with C++ programming interface.
COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.
Accesses the databases that the Chrome browser stores on a machine and dumps the URLs found.
StringSifter is a machine learning tool that automatically ranks strings extracted from malware samples based on their relevance for analysis.
A DFVFS backed viewer project with a WxPython GUI, aiming to enhance file extraction and viewing capabilities.
A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.
PINT is a PIN tool that enables Lua scripting for Intel's PIN dynamic instrumentation framework, allowing researchers to inject custom code during binary analysis processes.
A discontinued disk imaging utility originally developed by Intel that used block map files for efficient disk image copying operations.
A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.
Interactive incremental disassembler with data/control flow analysis capabilities.
A Vim syntax-highlighting plugin for YARA rules that supports versions up to v4.3 and provides enhanced code readability for malware analysts.
A Golang application that stores and queries NIST NSRL Reference Data Set for MD5 and SHA1 hash lookups using Bolt database technology.
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
Collaborative case management platform for incident response and investigation
Malware analysis platform for detecting and analyzing threats via sandbox
Digital incident response plan built on SANS 504-B framework
Digital forensics service for incident analysis and APT response
Malware scanning tool for DFIR using 40+ engines from ReversingLabs
Forensic imaging tool for disk acquisition, iOS collection, and encryption
Digital forensics suite for processing, analyzing & reporting computer/mobile data
Website malware removal service with WAF, monitoring, and cleanup support
Incident management platform for tracking and responding to security incidents
Remote access and IT support tool for workstation management and diagnostics
Common questions security professionals ask when evaluating alternatives and competitors to unfurl.
The most popular alternatives to unfurl include libregf, libolecf, AfterGlow Cloud, Kaitai Struct, and S2T GoldenSpear Data Discovery. These Digital Forensics and Incident Response tools offer similar capabilities and are frequently compared by security professionals evaluating their options.