Digital Forensics for Incident Response
Tools and methodologies for investigating digital incidents and gathering electronic evidence. Task: Incident ResponseExplore 47 curated tools and resources
Search by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
Promoted • 4 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Vulnerability Management
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
An AWS incident response framework that uses Athena to analyze CloudTrail events and EventBridge for notifications to investigate API activity and detect security misconfigurations.
An AWS incident response framework that uses Athena to analyze CloudTrail events and EventBridge for notifications to investigate API activity and detect security misconfigurations.
ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.
ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.
Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.
A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.
A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.
A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.
Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.
Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
Automated collection tool for incident response triage in Windows systems.
Automated collection tool for incident response triage in Windows systems.
A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.
A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.
Developing APIs to access memory on industrial control system devices.
Developing APIs to access memory on industrial control system devices.
PowerGRR is a PowerShell API client library that automates GRR (Google Rapid Response) operations for digital forensics and incident response across multiple operating systems.
PowerGRR is a PowerShell API client library that automates GRR (Google Rapid Response) operations for digital forensics and incident response across multiple operating systems.
A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.
A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
A powerful tool for analyzing and visualizing system activity timelines.
A powerful tool for analyzing and visualizing system activity timelines.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.
Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.
A Forensic Framework for Skype with various investigative options.