Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
Browse 548 digital forensics and incident response tools
A tool for signature analysis of RTF files to detect potentially unique parts and malicious documents.
A Docker-based steganography analysis toolkit containing pre-installed tools and automated scripts for detecting and extracting hidden data from files, primarily designed for CTF challenges.
A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.
CapTipper is a Python tool to analyze, explore, and revive malicious HTTP traffic.
Recoverjpeg is a tool for recovering JPEG images from damaged storage media.
Hindsight is a free tool for analyzing web artifacts from Google Chrome/Chromium browsers and presenting the data in a timeline for forensic analysis.
Open Backup Extractor is an open source program for extracting data from iPhone and iPad backups.
ZAT is a Python package that processes and analyzes Zeek network security data using machine learning libraries like Pandas, scikit-learn, Kafka, and Spark.
Collects Yara rules from over 150 free resources, a free alternative to Valhalla.
Largest open collection of Android malware samples, with 298 samples and contributions welcome.
A collection of tools to debug and inspect Kubernetes resources and applications, managing the execution of eBPF programs and mapping kernel primitives to Kubernetes resources.
A powerful tool for detecting and identifying malware using a rule-based system.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Turbinia is an open-source framework for automating the execution of common forensic processing tools to help process evidence in the cloud.
Python script to parse the NTFS USN Change Journal.
Generate Yara rules from function basic blocks in x64dbg.
Binwalk is a firmware analysis tool that enables reverse engineering and extraction of embedded file systems and archives from firmware images.
A command-line forensics tool for tracking and analyzing USB device artifacts and connection history on Linux systems.
A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.
Advanced computer forensics software with efficient features.
BARF is an open source binary analysis framework for supporting various binary code analysis tasks in information security.
Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.
A GNU Emacs editor mode that provides syntax highlighting, indentation, and language server integration for editing YARA rule files.
PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.