Digital Forensics
Tools and methodologies for investigating digital incidents and gathering electronic evidence.Explore 224 curated tools and resources
Search by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.
An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.
A Python-based forensic tool for extracting and analyzing browser artifacts from Firefox, Iceweasel, and Seamonkey browsers on Unix and Windows systems.
A Python-based forensic tool for extracting and analyzing browser artifacts from Firefox, Iceweasel, and Seamonkey browsers on Unix and Windows systems.
Windows anti-forensics USB monitoring tool with the ability to shutdown the computer upon detecting the unplugging of a specified USB device.
Windows anti-forensics USB monitoring tool with the ability to shutdown the computer upon detecting the unplugging of a specified USB device.
A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.
A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.
Dump iOS Frequent Locations from StateModel#.archive files.
Dump iOS Frequent Locations from StateModel#.archive files.
A library for accessing and parsing OLE 2 Compound File (OLECF) format files, including Microsoft Office documents and thumbs.db files.
A library for accessing and parsing OLE 2 Compound File (OLECF) format files, including Microsoft Office documents and thumbs.db files.
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.
A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
A powerful tool for analyzing and visualizing system activity timelines.
A powerful tool for analyzing and visualizing system activity timelines.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.
Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.
Analyse a forensic target to find and report files found and not found in hashlookup CIRCL public service.
Analyse a forensic target to find and report files found and not found in hashlookup CIRCL public service.
A library to access and parse Windows Shortcut File (LNK) format.
A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.
A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.
A suite of console tools for working with timestamps in Windows with 100-nanosecond precision.
A suite of console tools for working with timestamps in Windows with 100-nanosecond precision.
dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.
dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.
A tool for restoring defocused and blurred images with various deconvolution techniques and fast processing capabilities.
A tool for restoring defocused and blurred images with various deconvolution techniques and fast processing capabilities.
XMLStarlet offers a suite of command line utilities for manipulating and querying XML documents.
XMLStarlet offers a suite of command line utilities for manipulating and querying XML documents.
A Forensic Framework for Skype with various investigative options.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
iOSForensic is a Python tool for forensic analysis on iOS devices, extracting files, logs, SQLite3 databases, and .plist files into XML.
iOSForensic is a Python tool for forensic analysis on iOS devices, extracting files, logs, SQLite3 databases, and .plist files into XML.
A free, open source collection of tools for forensic artifact and image analysis.
A free, open source collection of tools for forensic artifact and image analysis.