Digital forensics tools whose primary job is to collect, preserve, and analyze evidence after the fact.
Browse 250 digital forensics tools
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.
A dfVFS-backed viewer project with a wxPython GUI, aiming to enhance file extraction and viewing capabilities.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
Accesses the SQLite databases that the Chrome browser stores on a machine (such as the profile's History file) and dumps the URLs found in them.
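As an added example (not the listed tool's own code), the following script dumps the urls table of a Chrome History database and converts its WebKit timestamps, which count microseconds since 1601-01-01 UTC rather than Unix seconds. The schema subset and the sample rows are constructed here; the read-only URI open and the copy-before-open advice are the practice a triage tool should follow, because a running Chrome holds a lock on the live file.

```python
"""Added example: dump URLs from a Chrome History database (constructed sample).

Chrome keeps browsing history in a SQLite file named "History" inside the
profile directory. The urls table holds one row per URL with visit_count and
last_visit_time in WebKit format (microseconds since 1601-01-01 UTC)."""
import datetime
import os
import sqlite3
import tempfile

WEBKIT_EPOCH = datetime.datetime(1601, 1, 1, tzinfo=datetime.timezone.utc)


def webkit_to_datetime(microseconds: int) -> datetime.datetime:
    """Convert a Chrome/WebKit timestamp to an aware UTC datetime."""
    return WEBKIT_EPOCH + datetime.timedelta(microseconds=microseconds)


def dump_urls(db_path: str):
    """Return (url, title, visit_count, last_visit_utc_iso) tuples, newest first.

    The file is opened read-only through a URI so nothing is ever written to
    the evidence; on a live system copy the History file first."""
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        rows = conn.execute(
            "SELECT url, title, visit_count, last_visit_time "
            "FROM urls ORDER BY last_visit_time DESC"
        ).fetchall()
    finally:
        conn.close()
    return [
        (url, title, visits, webkit_to_datetime(ts).isoformat())
        for url, title, visits, ts in rows
    ]


def build_sample_history(db_path: str) -> None:
    """Create a constructed History database with the urls columns Chrome uses."""
    conn = sqlite3.connect(db_path)
    conn.execute(
        "CREATE TABLE urls(id INTEGER PRIMARY KEY AUTOINCREMENT, url LONGVARCHAR, "
        "title LONGVARCHAR, visit_count INTEGER DEFAULT 0 NOT NULL, "
        "typed_count INTEGER DEFAULT 0 NOT NULL, last_visit_time INTEGER NOT NULL, "
        "hidden INTEGER DEFAULT 0 NOT NULL)"
    )
    # 13348540800000000 us == 2024-01-01T00:00:00Z: 11644473600 s between the
    # WebKit epoch and the Unix epoch, plus 1704067200 s of Unix time.
    conn.executemany(
        "INSERT INTO urls(url, title, visit_count, typed_count, last_visit_time, hidden) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        [
            ("https://example.com/", "Example Domain", 3, 1, 13348540800000000, 0),
            ("https://example.org/login", "Login", 1, 0, 13348540800000000 - 3600_000_000, 0),
        ],
    )
    conn.commit()
    conn.close()


def demo():
    """Build the constructed database in a temporary directory and dump it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "History")
        build_sample_history(path)
        return dump_urls(path)


if __name__ == "__main__":
    for url, title, visits, seen in demo():
        print(f"{seen}  {visits:>3}  {url}  ({title})")
```

Point `dump_urls` at a copied History file to use it on real evidence; the timestamp conversion is the part most often done wrong, since treating the value as Unix microseconds shifts every visit by 369 years.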
A command-line tool that allows SQL queries to be executed directly on PCAP files for network traffic analysis with support for multiple output formats.
Toolkit for post-mortem analysis of Docker runtime environments using forensic HDD copies.
A set of scripts for collecting forensic data from Windows and Unix systems respecting the order of volatility.
High-performance remote packet capture and collection tool used for forensic analysis in cloud workloads.
SwishDbgExt is a Microsoft WinDbg debugging extension that enhances debugging capabilities for kernel developers, troubleshooters, and security experts.
Chaosreader is a tool for ripping files from network sniffing dumps and replaying various protocols and file transfers.
Custom-built application for asynchronous forensic data presentation on an Elasticsearch backend, with upcoming features such as Docker-based installation and a new UI rewritten in React.
Open Source computer forensics platform with modular design for easy automation and scripting.
ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and make use of Windows Volume Shadow Copy snapshots for file recovery and system restoration.
Steganographic Swiss army knife for encoding and decoding data into images.
Timeliner is a digital forensics tool that rewrites mactime with an advanced expression engine for complex timeline filtering using BPF syntax.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
A modified version of GNU dd with added features like hashing and fast disk wiping.
A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.
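The three signals named above (no recognizable header, sector-aligned size, uniformly high entropy) are enough for a small triage script. The following is an added example written for this page, not the listed tool's code; the magic-byte table, the 4 KiB block size and the 7.9 bits-per-byte threshold are this example's own choices, and the sample files are constructed in the script.

```python
"""Added example: flag likely encrypted containers by header check plus entropy.

TrueCrypt/VeraCrypt volumes carry no magic bytes (the volume header is itself
encrypted and begins with a random salt), their size is a multiple of 512
bytes, and they look uniformly random from the first sector to the last."""
import gzip
import math
import random
from collections import Counter

# Signatures of formats that are also high-entropy but identify themselves;
# a file starting with one of these is compressed/structured, not a headerless volume.
KNOWN_MAGICS = {
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"\xfd7zXZ\x00": "xz",
    b"BZh": "bzip2",
    b"\x28\xb5\x2f\xfd": "zstd",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"%PDF": "pdf",
}

BLOCK = 4096      # entropy is measured per 4 KiB block (example's choice)
THRESHOLD = 7.9   # bits per byte; random 4 KiB blocks score about 7.95


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 at most)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def identify_header(data: bytes):
    """Return the format name if the file starts with a known signature."""
    for magic, name in KNOWN_MAGICS.items():
        if data.startswith(magic):
            return name
    return None


def classify(data: bytes) -> dict:
    """Gather the three pieces of evidence and return them with a verdict."""
    header = identify_header(data)
    ents = [shannon_entropy(data[i:i + BLOCK])
            for i in range(0, len(data) - BLOCK + 1, BLOCK)]
    if header:
        verdict = f"known-format:{header}"
    elif not ents:
        verdict = "too-small"
    elif len(data) % 512:
        verdict = "not-sector-aligned"
    elif min(ents) >= THRESHOLD:
        verdict = "likely-encrypted-container"
    else:
        verdict = "plaintext-or-mixed"
    return {"header": header,
            "min_entropy": min(ents) if ents else 0.0,
            "max_entropy": max(ents) if ents else 0.0,
            "verdict": verdict}


def _rand_bytes(rng: random.Random, n: int) -> bytes:
    return rng.getrandbits(8 * n).to_bytes(n, "little")


def sample_files() -> dict:
    """Constructed inputs: a stand-in volume, a gzip, plain text, a misaligned blob."""
    rng = random.Random(2024)
    return {
        "container.dat": _rand_bytes(rng, 16 * 1024),
        "archive.gz": gzip.compress(_rand_bytes(rng, 16 * 1024)),
        "notes.txt": (b"incident timeline\n" * 1024)[:8192],
        "odd.bin": _rand_bytes(rng, 8192 + 100),
    }


if __name__ == "__main__":
    for name, data in sample_files().items():
        r = classify(data)
        print(f"{name:14} {r['min_entropy']:.3f}..{r['max_entropy']:.3f}  {r['verdict']}")
```

Treat the verdict as triage, not proof: a raw deflate stream, an archive with its header stripped, or a file encrypted by any other tool scores exactly like a volume, and entropy says nothing about which cipher was used. The per-block minimum matters more than the file average, because a real volume has no low-entropy region anywhere, whereas a compressed file with a stripped header usually still has structured metadata somewhere in it.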
A Mac OS X forensic utility for ensuring correct forensic procedures during disk imaging.
ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.