Digital Forensics and Incident Response
Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
Browse 513 digital forensics and incident response tools
FEATURED
RELATED TASKS
netsniff-ng is a free Linux networking toolkit with zero-copy mechanisms for network development, analysis, and auditing.
netsniff-ng is a free Linux networking toolkit with zero-copy mechanisms for network development, analysis, and auditing.
A modern tool for Windows kernel exploration and observability with a focus on security.
A modern tool for Windows kernel exploration and observability with a focus on security.
A C-based steganographic tool that hides files within WAV audio files using least significant bit encoding techniques.
A C-based steganographic tool that hides files within WAV audio files using least significant bit encoding techniques.
ENISA Training Resources offers online training material for cybersecurity specialists, covering technical areas such as artefact handling and analysis.
ENISA Training Resources offers online training material for cybersecurity specialists, covering technical areas such as artefact handling and analysis.
CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.
CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.
A framework for orchestrating forensic collection, processing, and data export.
A framework for orchestrating forensic collection, processing, and data export.
A Python module for orchestrating remote forensic data acquisition and analysis from Linux instances using Amazon SSM.
A Python module for orchestrating remote forensic data acquisition and analysis from Linux instances using Amazon SSM.
ConventionEngine is a Yara rule collection that analyzes PE files by examining PDB paths for suspicious keywords, terms, and anomalies that may indicate malicious software.
ConventionEngine is a Yara rule collection that analyzes PE files by examining PDB paths for suspicious keywords, terms, and anomalies that may indicate malicious software.
Embeddable Yara library for Java with support for loading rules and scanning data.
Embeddable Yara library for Java with support for loading rules and scanning data.
A modified version of GNU dd with added features like hashing and fast disk wiping.
A modified version of GNU dd with added features like hashing and fast disk wiping.
Dynamic binary analysis library with various analysis and emulation capabilities.
Dynamic binary analysis library with various analysis and emulation capabilities.
An AWS incident response framework that uses Athena to analyze CloudTrail events and EventBridge for notifications to investigate API activity and detect security misconfigurations.
An AWS incident response framework that uses Athena to analyze CloudTrail events and EventBridge for notifications to investigate API activity and detect security misconfigurations.
ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.
ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.
Steganographic Swiss army knife for encoding and decoding data into images.
Steganographic Swiss army knife for encoding and decoding data into images.
Pwndbg is a GDB plug-in that enhances the debugging experience for low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
Pwndbg is a GDB plug-in that enhances the debugging experience for low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.
YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.
Orochi is a collaborative forensic memory dump analysis framework.
Orochi is a collaborative forensic memory dump analysis framework.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
An IDAPython script that generates YARA rules for basic blocks of the current function in IDA Pro, with automatic masking of relocation bytes and optional validation against file segments.
An IDAPython script that generates YARA rules for basic blocks of the current function in IDA Pro, with automatic masking of relocation bytes and optional validation against file segments.
A network forensics tool for visualizing packet captures as network diagrams with detailed analysis.
A network forensics tool for visualizing packet captures as network diagrams with detailed analysis.
A module for loading Bro logs as tables in Osquery
A module for loading Bro logs as tables in Osquery
Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.
Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.
Digital Forensics and Incident Response Tools - FAQ
Common questions about Digital Forensics and Incident Response tools including selection guides, pricing, and comparisons.
Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
