Digital Forensics Tools
Digital forensics tools whose primary job is to collect, preserve, and analyze evidence after the fact.
Browse 250 digital forensics tools
FEATURED
USE CASES
A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.
A comprehensive utility that shows what programs are configured to run during system bootup or login, and when you start various built-in Windows applications.
A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
