Digital Forensics
Tools and methodologies for investigating digital incidents and gathering electronic evidence.Explore 224 curated tools and resources
Search by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Toolkit for post-mortem analysis of Docker runtime environments using forensic HDD copies.
Toolkit for post-mortem analysis of Docker runtime environments using forensic HDD copies.
A utility for recovering deleted files from ext3 or ext4 partitions.
A utility for recovering deleted files from ext3 or ext4 partitions.
A library and tools to access and analyze APFS file systems
IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.
IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.
AMExtractor is an Android memory acquisition tool that dumps physical device memory using /dev/kmem without requiring kernel source code.
AMExtractor is an Android memory acquisition tool that dumps physical device memory using /dev/kmem without requiring kernel source code.
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
Exterro is a data risk management platform that optimizes e-discovery, digital forensics, and cybersecurity compliance operations.
Exterro is a data risk management platform that optimizes e-discovery, digital forensics, and cybersecurity compliance operations.
Second-order subdomain takeover scanner
Automated digital image forensics tool
A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.
A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
Tool used for dumping memory from Android devices with root access requirement and forensic soundness considerations.
Tool used for dumping memory from Android devices with root access requirement and forensic soundness considerations.
A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.
A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
No More Ransom is a collaborative project to combat ransomware attacks by providing decryption tools and prevention advice.
No More Ransom is a collaborative project to combat ransomware attacks by providing decryption tools and prevention advice.
A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.
A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.
A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.
A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.
Automated collection tool for incident response triage in Windows systems.
Automated collection tool for incident response triage in Windows systems.
A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.
A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.
Developing APIs to access memory on industrial control system devices.
Developing APIs to access memory on industrial control system devices.
Forensic imaging program with full hash authentication and various acquisition options.
Forensic imaging program with full hash authentication and various acquisition options.
PowerGRR is a PowerShell API client library that automates GRR (Google Rapid Response) operations for digital forensics and incident response across multiple operating systems.
PowerGRR is a PowerShell API client library that automates GRR (Google Rapid Response) operations for digital forensics and incident response across multiple operating systems.
An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.
An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.
A script for extracting common Windows artifacts from source images and VSCs with detailed dependencies and usage instructions.
A script for extracting common Windows artifacts from source images and VSCs with detailed dependencies and usage instructions.