Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
Browse 548 digital forensics and incident response tools
A command-line utility for extracting human-readable text from binary files.
A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.
Hide data in images while maintaining perceptual similarity and extract it from printed and photographed images.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
A library to access and manipulate RAW image files.
A JavaScript malware analysis tool with backend code execution.
A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.
Encode or encrypt strings to various hashes and formats, including MD5, SHA1, SHA256, URL encoding, Base64, and Base85.
MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.
A software utility with forensic tools for smartphones, offering powerful data extraction and decoding capabilities.
Emulates browser functionality to detect exploits targeting browser vulnerabilities.
Independent software vendor specializing in network security tools and network forensics.
A sandbox for quickly sandboxing known or unknown families of Android malware.
IDAPython plugin for generating YARA rules/patterns from x86/x86-64 code through parameterization.
A portable forensic tool that detects encrypted containers like TrueCrypt and VeraCrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
C# wrapper around the YARA pattern matching library with Loki and YARA signature support.
A container of PCAP captures mapped to the relevant attack tactic.
A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.