Digital forensics tools whose primary job is to collect, preserve, and analyze evidence after the fact.
Browse 250 digital forensics tools
A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.
Recoverjpeg is a tool for recovering JPEG images from damaged storage media.
A C-based steganographic tool that hides files within WAV audio files using least significant bit encoding techniques.
A tool that uses Plaso to parse forensic artifacts and disk images, creating custom reports for easier analysis.
A free, open source collection of tools for forensic artifact and image analysis.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.
A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.
A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
A shell script for basic forensic collection of various artefacts from UNIX systems.
Django-based web application for network traffic analysis with protocol handling capabilities.
Network Forensic Analysis Tool for deep network traffic inspection and analysis.
Hindsight is a free tool for analyzing web artifacts from Google Chrome/Chromium browsers and presenting the data in a timeline for forensic analysis.
Porting GNU/Linux userland tools to the bionic/Linux userland of Android to provide access to the audit stream for Android applications with minimal overhead.
A Python 2.x tool for memory analysis on Mac OS X systems with support for various OS versions and memory image export capabilities.
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.
A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
Python script to parse macOS MRU plist files into a human-friendly format.
Dump iOS Frequent Locations from StateModel#.archive files.
A digital forensics tool that extracts and exports location database contents from iOS and macOS devices in KML or CSV formats.