Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
Browse 511 digital forensics and incident response tools
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
Detect signed malware and track stolen code-signing certificates using osquery.
Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.
A toolkit for forensic analysis of network appliances with YARA decoding options and frame extraction capabilities.
A command-line tool for managing and analyzing Microsoft Forefront TMG and UAG configurations.
A powerful tool for analyzing and visualizing system activity timelines.
Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform with a focus on automation and a clean GUI.
Modern digital forensics and incident response platform with comprehensive tools.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.
A service that analyzes and visualizes security data to investigate potential security issues.
Holistic malware analysis platform with interactive sandbox, static analyzer, and emulation capabilities.
Advanced computer forensics software with efficient features.
Universal hexadecimal editor for computer forensics, data recovery, and IT security.
Powerful debugging tool with extensive features and extensions for memory dump analysis and crash dump analysis.
A freeware suite of tools for PE editing and process viewing, including CFF Explorer and Resource Editor.
Extracts resources (bitmaps, icons, cursors, AVI movies, HTML files, and more) from DLL files.
Independent software vendor specializing in network security tools and network forensics.
A collection of binary tools for various purposes including linking, assembling, profiling, and more.
Forensic imaging program with full hash authentication and various acquisition options.
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
A scalable Python framework for security research and development teams.
A PE/COFF file viewer that displays header, section, directory, import table, export table, and resource information within various file types.
Encode or encrypt strings to various hashes and formats, including MD5, SHA1, SHA256, URL encoding, Base64, and Base85.
Common questions about Digital Forensics and Incident Response tools, selection guides, pricing, and comparisons.
Essential DFIR tools include: disk imaging and analysis (for examining file systems, deleted files, and artifacts), memory forensics (analyzing RAM for malware, credentials, and running processes), network forensics (capturing and analyzing packet data), log analysis and timeline reconstruction, and malware analysis (static and dynamic analysis of malicious files). Many investigators also use cloud-specific forensics tools for AWS/Azure/GCP.