Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
Browse 548 digital forensics and incident response tools
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A tool that recovers passwords from pixelized screenshots
A simple tool to take screenshots of HTTPS websites
An open-source binary debugger for Windows with a comprehensive plugin system for malware analysis and reverse engineering.
A malware-analysis tool that uses external AV scanners to identify malicious elements in binary files.
mXtract is a Linux-based tool for memory analysis and dumping with regex pattern search capabilities.
VMCloak is a tool for creating and preparing Virtual Machines for Cuckoo Sandbox.
A collection of YARA rules for Windows, Linux, and other threats.
Interactive malware hunting service with live access to the heart of an incident.
Tool for live forensics acquisition on Windows systems, collecting artefacts for early compromise detection.
A malware/botnet analysis framework with a focus on network analysis and process comparison.
netsniff-ng is a free Linux networking toolkit with zero-copy mechanisms for network development, analysis, and auditing.
A modern tool for Windows kernel exploration and observability with a focus on security.
A C-based steganographic tool that hides files within WAV audio files using least significant bit encoding techniques.
ENISA Training Resources offers online training material for cybersecurity specialists, covering technical areas such as artefact handling and analysis.
CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.
A framework for orchestrating forensic collection, processing, and data export.
A Python module for orchestrating remote forensic data acquisition and analysis from Linux instances using AWS Systems Manager (SSM).
ConventionEngine is a YARA rule collection that flags PE files whose embedded PDB paths contain suspicious keywords, terms, or anomalies that may indicate malicious software.
Embeddable YARA library for Java with support for loading rules and scanning data.
A modified version of GNU dd with added features like hashing and fast disk wiping.
Dynamic binary analysis library with various analysis and emulation capabilities.
An AWS incident response framework that queries CloudTrail events with Athena and sends notifications through EventBridge, in order to investigate API activity and detect security misconfigurations.