Digital Forensics
Tools and methodologies for investigating digital incidents and gathering electronic evidence.Explore 224 curated tools and resources
RELATED TASKS
PINNED
Promoted • 6 tools
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.
ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.
TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.
TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.
A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.
A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.
Python script to parse macOS MRU plist files into human-friendly format
Python script to parse macOS MRU plist files into human-friendly format
Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.
Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.
Recover event log entries from an image by heuristically looking for record structures.
Recover event log entries from an image by heuristically looking for record structures.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A command-line tool for extracting data from iOS mobile device backups created by iTunes on macOS systems.
A command-line tool for extracting data from iOS mobile device backups created by iTunes on macOS systems.
Timeliner is a digital forensics tool that rewrites mactime with an advanced expression engine for complex timeline filtering using BPF syntax.
Timeliner is a digital forensics tool that rewrites mactime with an advanced expression engine for complex timeline filtering using BPF syntax.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
A command-line tool that extracts detailed technical information, metadata, and checksums from JPEG image files with support for multiple output formats.
A command-line tool that extracts detailed technical information, metadata, and checksums from JPEG image files with support for multiple output formats.
Web interface for the Volatility Memory Analysis framework with advanced features.
Web interface for the Volatility Memory Analysis framework with advanced features.
Hoarder is a tool to collect and parse windows artifacts.
LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.
LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.
Custom built application for asynchronous forensic data presentation on an Elasticsearch backend, with upcoming features like Docker-based installation and new UI rewrite in React.
Custom built application for asynchronous forensic data presentation on an Elasticsearch backend, with upcoming features like Docker-based installation and new UI rewrite in React.
Powerful tool for searching and hunting through Windows forensic artefacts with support for Sigma detection rules and custom Chainsaw detection rules.
Powerful tool for searching and hunting through Windows forensic artefacts with support for Sigma detection rules and custom Chainsaw detection rules.
A forensics toolkit for collecting digital evidence from Google Cloud Platform, Microsoft Azure, and Amazon Web Services during incident response investigations.
A forensics toolkit for collecting digital evidence from Google Cloud Platform, Microsoft Azure, and Amazon Web Services during incident response investigations.
pcapfex is a forensic tool that extracts files from packet capture data by analyzing network traffic and identifying embedded file content.
pcapfex is a forensic tool that extracts files from packet capture data by analyzing network traffic and identifying embedded file content.
A digital forensics tool that extracts and exports location database contents from iOS and macOS devices in KML or CSV formats.
A digital forensics tool that extracts and exports location database contents from iOS and macOS devices in KML or CSV formats.
Zui is a desktop application for data exploration and analysis that provides drag-and-drop data ingestion, automatic format detection, and interactive querying capabilities for structured and semi-structured data.
Zui is a desktop application for data exploration and analysis that provides drag-and-drop data ingestion, automatic format detection, and interactive querying capabilities for structured and semi-structured data.
A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.
A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.