Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
Browse 511 digital forensics and incident response tools
A native Python cross-version decompiler and fragment decompiler.
A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.
Automatic analysis of malware behavior using machine learning.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.
A modern tool for Windows kernel exploration and observability with a focus on security.
A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.
BARF is an open source binary analysis framework for supporting various binary code analysis tasks in information security.
An IDA Pro plugin that uses YARA rules to automatically detect cryptographic constants and patterns in binary files during reverse engineering analysis.
A utility for splitting packet traces along TCP connection boundaries.
A user-friendly and fast forensic analysis tool with features such as file tagging and preview report generation.
Interactive incremental disassembler with data/control flow analysis capabilities.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
A shell script for basic forensic collection of various artefacts from UNIX systems.
CapTipper is a Python tool to analyze, explore, and revive malicious HTTP traffic.
Binkit is a binary analysis tool that has merged with DarunGrim and incorporates its analysis algorithms; it is currently in internal testing ahead of an official release.
Network Forensic Analysis Tool for deep network traffic inspection and analysis.
Hindsight is a free tool for analyzing web artifacts from Google Chrome/Chromium browsers and presenting the data in a timeline for forensic analysis.
YARA plugin for Sublime Text with syntax highlighting and snippets.
A port of GNU/Linux userland tools to Android's bionic/Linux userland, providing access to the audit stream for Android applications with minimal overhead.
A multithreaded YARA scanner for incident response or malware zoos.
A decentralized network panic button that triggers emergency system shutdowns across networked machines via UDP broadcasts and HTTP to prevent cold boot attacks.
Common questions about Digital Forensics and Incident Response tools, selection guides, pricing, and comparisons.
Essential DFIR tools include: disk imaging and analysis (for examining file systems, deleted files, and artifacts), memory forensics (analyzing RAM for malware, credentials, and running processes), network forensics (capturing and analyzing packet data), log analysis and timeline reconstruction, and malware analysis (static and dynamic analysis of malicious files). Many investigators also use cloud-specific forensics tools for AWS/Azure/GCP.