Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
Browse 511 digital forensics and incident response tools
A library and tools to access and analyze APFS file systems
Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.
A file search and query tool for ops and security experts.
Check if an IP address was used as a Tor relay on a given date.
No More Ransom is a collaborative project to combat ransomware attacks by providing decryption tools and prevention advice.
Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.
A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.
A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.
A library to access and parse Windows Shortcut File (LNK) format.
A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.
A command-line tool that extracts detailed technical information, metadata, and checksums from JPEG image files with support for multiple output formats.
A free, open-source file data recovery software that can recover lost files from hard disks, CD-ROMs, and digital camera memory.
A Bluetooth 5 and 4.x sniffer using TI CC1352/CC26x2 hardware with advanced features and Python-based host-side software.
Software that collects forensic artifacts from systems for forensic investigations.
Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.
A library for working with Windows NT data types, providing access and manipulation functions.
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
A tool that collects and displays user activity and system events on a Windows system.
A library for accessing and parsing OLE 2 Compound File (OLECF) format files, including Microsoft Office documents and thumbs.db files.
Common questions about Digital Forensics and Incident Response tools, selection guides, pricing, and comparisons.
Essential DFIR tools include: disk imaging and analysis (for examining file systems, deleted files, and artifacts), memory forensics (analyzing RAM for malware, credentials, and running processes), network forensics (capturing and analyzing packet data), log analysis and timeline reconstruction, and malware analysis (static and dynamic analysis of malicious files). Many investigators also use cloud-specific forensics tools for AWS/Azure/GCP.