Digital Forensics

209 tools and resources

A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.

A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.

A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.

A recognition framework for identifying products, services, operating systems, and hardware by matching fingerprints against network probes.

A command-line utility for extracting human-readable text from binary files.

A library to access and manipulate RAW image files.

MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.

A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.

DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.

A software utility with forensic tools for smartphones, offering powerful data extraction and decoding capabilities.

Truehunter is a tool designed to detect encrypted containers with a focus on TrueCrypt and VeraCrypt, utilizing a fast and memory-efficient approach.

A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.

A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.

Open source tool for generating YARA rules about installed software from a running OS.

GVfs is a userspace virtual filesystem implementation for GIO with various backends and features.

Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.

Educational CTF-styled challenges for Memory Forensics.

MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
