Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
Browse 511 digital forensics and incident response tools
A Python-based forensic tool for extracting and analyzing browser artifacts from Firefox, Iceweasel, and Seamonkey browsers on Unix and Windows systems.
A Python 3 library for parsing Yara rules, under active development.
QIRA is an MIT-licensed alternative to strace and gdb, with support for Ubuntu and Docker for wider compatibility.
yextend extends Yara's functionality by automatically handling archived and compressed content inflation, enabling pattern matching on files buried within multiple layers of archives.
A sandbox for quickly analyzing known or unknown families of Android malware.
Scan files or process memory for Cobalt Strike beacons and parse their configuration.
Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.
A collaborative malware analysis framework with various features for automated analysis tasks.
Automated collection tool for incident response triage in Windows systems.
Extract local data storage of an Android application in one click.
LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.
A program for managing Yara rulesets in a database, with support for several database back ends and configuration options.
A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files or live network traffic.
A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
Magnet ACQUIRE offers robust data extraction capabilities for digital forensics investigations, supporting a wide range of devices.
edb is a powerful debugger for Linux binaries, enhancing reverse engineering efforts with a user-friendly interface and extensible plugins.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.
MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.
A command-line utility for extracting human-readable text from binary files.
An incident response and case management solution.
Common questions about Digital Forensics and Incident Response tools, selection guides, pricing, and comparisons.
Essential DFIR tools include: disk imaging and analysis (for examining file systems, deleted files, and artifacts), memory forensics (analyzing RAM for malware, credentials, and running processes), network forensics (capturing and analyzing packet data), log analysis and timeline reconstruction, and malware analysis (static and dynamic analysis of malicious files). Many investigators also use cloud-specific forensics tools for AWS/Azure/GCP.
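The "log analysis and timeline reconstruction" category above is the one where investigators most often end up writing their own glue, because every source stamps time differently. The script below is an added example (not code from CybersecTools or any tool listed on this page) that normalizes three constructed log formats, a syslog line with no year and a host-local clock, an Apache access-log line with an explicit UTC offset, and a hypothetical Windows event export already in UTC, into one timezone-aware UTC timeline, and keeps unparsable lines aside rather than silently dropping them. The input lines, the acquisition year and the host timezone are assumptions for illustration.

```python
"""Merge heterogeneous log lines into one UTC-sorted timeline.

Added example; the log lines are constructed, not real evidence.
Assumptions: syslog lines carry no year, so the year of acquisition is
supplied by the analyst; the syslog host clock is in HOST_TZ; Apache
lines carry their own UTC offset; the Windows-style export is in UTC.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed host timezone for the syslog source (UTC+2) and acquisition year.
HOST_TZ = timezone(timedelta(hours=2))
ACQ_YEAR = 2024

# Constructed sample input: three formats plus one line no parser accepts.
SAMPLE_LINES = [
    "2024-03-05T08:00:10Z EventID=4624 Logon by DOMAIN\\jsmith from 203.0.113.5",
    '203.0.113.5 - - [05/Mar/2024:09:59:58 +0200] "POST /upload.php HTTP/1.1" 200',
    "Mar  5 09:01:07 web01 sshd[2211]: Accepted publickey for deploy from 203.0.113.5",
    "garbage line that matches nothing",
]

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$")
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
WINEVT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) EventID=(?P<id>\d+) (?P<msg>.*)$")


@dataclass(order=True)
class Event:
    ts: datetime      # always timezone-aware, always UTC
    source: str
    message: str


def parse_line(line, year=ACQ_YEAR, host_tz=HOST_TZ):
    """Return an Event in UTC, or None if no known format matches."""
    m = SYSLOG_RE.match(line)
    if m:
        # Syslog has no year and no zone: both come from the analyst.
        naive = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        ts = naive.replace(tzinfo=host_tz).astimezone(timezone.utc)
        return Event(ts, f"syslog:{m['host']}", m["msg"])
    m = APACHE_RE.match(line)
    if m:
        # %z consumes the explicit offset, so conversion to UTC is exact.
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        return Event(ts, "apache", f"{m['ip']} {m['req']} -> {m['status']}")
    m = WINEVT_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return Event(ts, "winevt", f"EventID {m['id']}: {m['msg']}")
    return None


def build_timeline(lines, year=ACQ_YEAR, host_tz=HOST_TZ):
    """Sort parsed events by UTC time; unparsed lines are returned, not lost."""
    events, unparsed = [], []
    for line in lines:
        ev = parse_line(line, year, host_tz)
        (events if ev else unparsed).append(ev or line)
    return sorted(events), unparsed


def render(events):
    """One line per event in ISO-8601 UTC, the shape a super-timeline needs."""
    return [f"{e.ts.strftime('%Y-%m-%dT%H:%M:%SZ')} {e.source} {e.message}" for e in events]


def example_timeline():
    return build_timeline(SAMPLE_LINES)


if __name__ == "__main__":
    evs, bad = example_timeline()
    print("\n".join(render(evs)))
    print(f"{len(bad)} unparsed line(s)")
```

Note how the ordering changes once everything is in UTC: the syslog entry at 09:01 local and the Apache hit at 09:59 local both precede the Windows logon stamped 08:00Z, which a naive string sort on the raw lines would have put first. Feeding a source whose clock offset is unknown (the syslog case) is an analyst decision, which is why the offset is a parameter rather than a guess inside the parser.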
Based on user ratings and community engagement on CybersecTools, the top-rated Digital Forensics and Incident Response tools are: