Digital Forensics and Incident Response
Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
Explore 494 curated cybersecurity tools, with 17,495+ visitors searching for solutions
FEATURED
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
RELATED TASKS
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
A forensic tool to find hidden processes and TCP/UDP ports by rootkits or other hidden techniques.
A forensic tool to find hidden processes and TCP/UDP ports by rootkits or other hidden techniques.
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.
FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.
Open source Python library for NTFS analysis
A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.
A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.
A discontinued disk imaging utility originally developed by Intel that used block map files for efficient disk image copying operations.
A discontinued disk imaging utility originally developed by Intel that used block map files for efficient disk image copying operations.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.
A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.
A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.
A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.
CIRTKit is a DFIR console built on the Viper Framework that integrates various forensic tools and provides modules for packet analysis, memory analysis, and automated incident response workflows.
CIRTKit is a DFIR console built on the Viper Framework that integrates various forensic tools and provides modules for packet analysis, memory analysis, and automated incident response workflows.
A PE/COFF file viewer that displays header, section, directory, import table, export table, and resource information within various file types.
A PE/COFF file viewer that displays header, section, directory, import table, export table, and resource information within various file types.
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.
A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.
A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.
Automatic analysis of malware behavior using machine learning.
Automatic analysis of malware behavior using machine learning.
Modern digital forensics and incident response platform with comprehensive tools.
Modern digital forensics and incident response platform with comprehensive tools.
A Go library for manipulating YARA rulesets with the ability to programatically change metadata, rule names, and more.
A Go library for manipulating YARA rulesets with the ability to programatically change metadata, rule names, and more.
CHIPSEC is a cross-platform framework for analyzing PC platform security, including hardware, BIOS/UEFI firmware, and low-level system components.
CHIPSEC is a cross-platform framework for analyzing PC platform security, including hardware, BIOS/UEFI firmware, and low-level system components.
A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.
A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.
A Golang application that stores and queries NIST NSRL Reference Data Set for MD5 and SHA1 hash lookups using Bolt database technology.
A Golang application that stores and queries NIST NSRL Reference Data Set for MD5 and SHA1 hash lookups using Bolt database technology.
VolatilityBot automates memory dump analysis by extracting executables, detecting code injections, and performing automated malware scanning using YARA and ClamAV.
VolatilityBot automates memory dump analysis by extracting executables, detecting code injections, and performing automated malware scanning using YARA and ClamAV.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
Digital Forensics and Incident Response Tools - FAQ
Common questions about Digital Forensics and Incident Response tools including selection guides, pricing, and comparisons.
Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
