Digital Forensics and Incident Response
Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
Browse 548 digital forensics and incident response tools
FEATURED
RELATED TASKS
Python script to parse macOS MRU plist files into human-friendly format
Python script to parse macOS MRU plist files into human-friendly format
Network Dump data Displayer and Editor framework for tcpdump trace files manipulation.
Network Dump data Displayer and Editor framework for tcpdump trace files manipulation.
Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.
Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.
Recover event log entries from an image by heuristically looking for record structures.
Recover event log entries from an image by heuristically looking for record structures.
YARA plugin for Sublime Text with syntax highlighting and snippets.
YARA plugin for Sublime Text with syntax highlighting and snippets.
Malware sandbox for executing malicious files in an isolated environment with advanced features.
Malware sandbox for executing malicious files in an isolated environment with advanced features.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
Collection of YARA signatures from recent malware research.
Collection of YARA signatures from recent malware research.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
A library for checking potentially malicious files and archives using YARA and making a decision about their harmfulness.
A library for checking potentially malicious files and archives using YARA and making a decision about their harmfulness.
Yaramod is a library for parsing YARA rules into AST and building new YARA rulesets with C++ programming interface.
Yaramod is a library for parsing YARA rules into AST and building new YARA rulesets with C++ programming interface.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
RABCDAsm is a collection of utilities for ActionScript 3 assembly/disassembly and SWF file manipulation.
RABCDAsm is a collection of utilities for ActionScript 3 assembly/disassembly and SWF file manipulation.
A command-line tool for extracting data from iOS mobile device backups created by iTunes on macOS systems.
A command-line tool for extracting data from iOS mobile device backups created by iTunes on macOS systems.
Timeliner is a digital forensics tool that rewrites mactime with an advanced expression engine for complex timeline filtering using BPF syntax.
Timeliner is a digital forensics tool that rewrites mactime with an advanced expression engine for complex timeline filtering using BPF syntax.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.
DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.
A command-line tool that extracts detailed technical information, metadata, and checksums from JPEG image files with support for multiple output formats.
A command-line tool that extracts detailed technical information, metadata, and checksums from JPEG image files with support for multiple output formats.
Web interface for the Volatility Memory Analysis framework with advanced features.
Web interface for the Volatility Memory Analysis framework with advanced features.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.
A Vim syntax-highlighting plugin for YARA rules that supports versions up to v4.3 and provides enhanced code readability for malware analysts.
A Vim syntax-highlighting plugin for YARA rules that supports versions up to v4.3 and provides enhanced code readability for malware analysts.
Hoarder is a tool to collect and parse windows artifacts.
Hoarder is a tool to collect and parse windows artifacts.
YARA module for supporting DCSO format bloom filters with hashlookup capabilities.
YARA module for supporting DCSO format bloom filters with hashlookup capabilities.
Digital Forensics and Incident Response Tools - FAQ
Common questions about Digital Forensics and Incident Response tools including selection guides, pricing, and comparisons.
Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
