Digital forensics tools whose primary job is to collect, preserve, and analyze evidence after the fact.
Browse 250 digital forensics tools
A package for hiding data inside JPEG files using steganography techniques.
Dependencies is an open-source modern replacement for Dependency Walker that helps Windows developers analyze and troubleshoot DLL load dependency issues.
A Python-based engine for automatic creation of timelines in digital forensic analysis
A framework for orchestrating forensic collection, processing, and data export.
Automated tool for parsing Windows registry hives and extracting valuable information for forensic analysis.
Web interface for the Volatility Memory Analysis framework with advanced features.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.
Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.
A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.
A tool for advanced HTTPD logfile security analysis and forensics, implementing various techniques to detect attacks against web applications.
A tool for recovering files by scanning block devices and extracting them based on 'magic bytes' in file contents.
AMExtractor is an Android memory acquisition tool that dumps physical device memory using /dev/kmem without requiring kernel source code.
Analyse a forensic target to find and report files found and not found in the CIRCL hashlookup public service.
A tool that visits suspected phishing pages, takes screenshots, and extracts interesting files.
Turbinia is an open-source framework for automating the running of common forensic processing tools to help with processing evidence in the Cloud.
A collaborative forensic timeline analysis tool for organizing and analyzing data with rich annotations and comments.
Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.
Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
A forensics toolkit for collecting digital evidence from Google Cloud Platform, Microsoft Azure, and Amazon Web Services during incident response investigations.