Digital Forensics and Incident Response
Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
Explore 494 curated cybersecurity tools, with 17,495+ visitors searching for solutions
FEATURED
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
RELATED TASKS
A Python script for scanning data within an IDB using Yara
A Python script for scanning data within an IDB using Yara
Accessing databases stored on a machine by the Chrome browser and dumping URLs found.
Accessing databases stored on a machine by the Chrome browser and dumping URLs found.
Python 3 tool for parsing Yara rules with ongoing development.
Python 3 tool for parsing Yara rules with ongoing development.
A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.
A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.
Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs with LogonTracer.
Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs with LogonTracer.
A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.
A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.
Automated Mac Forensic Triage Collector
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.
RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.
RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
Check if an IP address was used as a Tor relay on a given date.
Check if an IP address was used as a Tor relay on a given date.
Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.
Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.
A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.
Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.
Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.
A C library that enables cross-platform execution of functions from stripped binaries using file names, offsets, and function signatures.
A C library that enables cross-platform execution of functions from stripped binaries using file names, offsets, and function signatures.
A command-line utility for extracting human-readable text from binary files.
A command-line utility for extracting human-readable text from binary files.
A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.
A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.
Hide data in images while maintaining perceptual similarity and extract it from printed and photographed images.
Hide data in images while maintaining perceptual similarity and extract it from printed and photographed images.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
A library to access and manipulate RAW image files.
A javascript malware analysis tool with backend code execution.
A javascript malware analysis tool with backend code execution.
A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.
A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.
Digital Forensics and Incident Response Tools - FAQ
Common questions about Digital Forensics and Incident Response tools including selection guides, pricing, and comparisons.
Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
