Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
Browse 511 digital forensics and incident response tools
A Python 2.x tool for memory analysis on Mac OS X systems with support for various OS versions and memory image export capabilities.
Drltrace is a dynamic API calls tracer for Windows and Linux applications.
Hoarder is a tool to collect and parse Windows artifacts.
Generate Yara rules from function basic blocks in x64dbg.
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.
VolatilityBot automates memory dump analysis by extracting executables, detecting code injections, and performing automated malware scanning using YARA and ClamAV.
A file analysis framework that automates the evaluation of files by running a suite of tools and aggregating the output.
A .NET wrapper for libyara that provides a simplified API for developing tools in C# and PowerShell.
A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.
A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.
A simple framework for extracting actionable data from Android malware.
A Python script to parse macOS MRU plist files into a human-friendly format.
Dump iOS Frequent Locations from StateModel#.archive files.
A digital forensics tool that extracts and exports location database contents from iOS and macOS devices in KML or CSV formats.
A malware/botnet analysis framework with a focus on network analysis and process comparison.
A package for hiding data inside jpeg files using steganography techniques.
A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.
A Python-based engine for automatic creation of timelines in digital forensic analysis.
A framework for orchestrating forensic collection, processing, and data export.
Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.
Common questions about Digital Forensics and Incident Response tools, selection guides, pricing, and comparisons.
Essential DFIR tools include: disk imaging and analysis (for examining file systems, deleted files, and artifacts), memory forensics (analyzing RAM for malware, credentials, and running processes), network forensics (capturing and analyzing packet data), log analysis and timeline reconstruction, and malware analysis (static and dynamic analysis of malicious files). Many investigators also use cloud-specific forensics tools for AWS/Azure/GCP.