digital-forensics

82 tools and resources

NEW

MasterParser Logo

MasterParser

0 (0)

A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.

Digital Forensics
Free
digital-forensicsincident-responselinuxlog-analysissecurity-incident-response
DFTimewolf Logo

DFTimewolf

0 (0)

A framework for orchestrating forensic collection, processing, and data export.

Digital Forensics
Free
digital-forensicsforensic-analysisorchestration
dcfldd Logo

dcfldd

0 (0)

A modified version of GNU dd with added features like hashing and fast disk wiping.

Digital Forensics
Free
digital-forensicsforensicsfile-analysishashing
mac_apt Logo

mac_apt

0 (0)

mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.

Digital Forensics
Free
dfirdigital-forensicsincident-responsemacospythonforensic-investigation
Belkasoft Logo

Belkasoft

0 (0)

Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.

Digital Forensics
Free
digital-forensicsincident-responseforensic-analysisforensic-tool
CDQR - Cold Disk Quick Response Logo

CDQR - Cold Disk Quick Response

0 (0)

A tool that uses Plaso to parse forensic artifacts and disk images, creating custom reports for easier analysis.

Digital Forensics
Free
digital-forensicsforensic-analysistriageforensic-artifacts
MFTExtractor Logo

MFTExtractor

0 (0)

A tool for parsing and extracting information from the Master File Table of NTFS file systems.

Digital Forensics
Free
ntfsfile-systemforensic-analysisfile-extractiondigital-forensics
ForensicMiner v1.4 Logo

ForensicMiner v1.4

0 (0)

ForensicMiner, Redefine DFIR Automations

Digital Forensics
Free
digital-forensicsdfirpowershellautomationforensic-analysiswindows
Digital Forensics and Incident Response - Third Edition Logo

Digital Forensics and Incident Response - Third Edition

0 (0)

A comprehensive guide to digital forensics and incident response, covering incident response frameworks, digital forensic techniques, and threat intelligence.

Training and Resources
Free
dfirdigital-forensicsincident-responsethreat-intelligencecybersecurityinformation-security
Magnet ACQUIRE Logo

Magnet ACQUIRE

0 (0)

Magnet ACQUIRE offers robust data extraction capabilities for digital forensics investigations, supporting a wide range of devices.

Digital Forensics
Free
digital-forensicscomputer-forensicsforensic-analysis

PassMark OSForensics

0 (0)

Digital investigation tool for extracting forensic data from computers and managing investigations.

Digital Forensics
Free
digital-forensicsdigital-investigationpassword-recoverydata-recoverycase-management
Digital Forensics Artifacts Repository Logo

Digital Forensics Artifacts Repository

0 (0)

A community-sourced repository of digital forensic artifacts in YAML format.

Digital Forensics
Free
digital-forensicsforensicsforensic-artifacts
AChoir Windows Live Artifacts Acquisition Scripting Framework Logo

AChoir Windows Live Artifacts Acquisition Scripting Framework

0 (0)

A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.

Digital Forensics
Free
incident-responseforensic-artifactsdigital-forensics
Hindsight Logo

Hindsight

0 (0)

Hindsight is a free tool for analyzing web artifacts from Google Chrome/Chromium browsers and presenting the data in a timeline for forensic analysis.

Digital Forensics
Free
digital-forensicsforensicschrome
Incident Response Techniques for Ransomware Attacks Logo

Incident Response Techniques for Ransomware Attacks

0 (0)

A comprehensive guide to understanding and responding to modern ransomware attacks, covering incident response, cyber threat intelligence, and forensic analysis.

Training and Resources
Free
ransomwareincident-responsecyber-threat-intelligencedigital-forensics
USN-Journal-Parser Logo

USN-Journal-Parser

0 (0)

Python script to parse the NTFS USN Change Journal.

Digital Forensics
Free
digital-forensicsfile-analysispythonscripting
X-Ways Forensics Logo

X-Ways Forensics

0 (0)

Advanced computer forensics software with efficient features.

Digital Forensics
Free
digital-forensicsforensicsfile-recoverydata-recoverycomputer-forensics
PowerForensics Logo

PowerForensics

0 (0)

PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.

Digital Forensics
Free
digital-forensicspowershellforensic-analysisfile-system-analysis
Dissect Logo

Dissect

0 (0)

Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.

Digital Forensics
Free
digital-forensicsincident-responseforensic-analysis
Stegdetect Logo

Stegdetect

0 (0)

Automated tool for detecting steganographic content in images, with F5 detection capabilities.

Data Protection and Cryptography
Free
steganographyimage-analysisforensicsdigital-forensicsimage-processing
Plaso Logo

Plaso

0 (0)

A Python-based engine for automatic creation of timelines in digital forensic analysis

Digital Forensics
Free
digital-forensicsforensic-analysiscomputer-forensics
Digital Forensics Artifact Knowledge Base Logo

Digital Forensics Artifact Knowledge Base

0 (0)

Documentation project for Digital Forensics Artifact Repository

Digital Forensics
Free
digital-forensicsforensic-artifactsforensic-analysis
Exterro Logo

Exterro

0 (0)

Exterro is a data risk management platform that optimizes e-discovery, digital forensics, and cybersecurity compliance operations.

Digital Forensics
Commercial
digital-forensics

Ghiro

0 (0)

Automated digital image forensics tool

Digital Forensics
Free
digital-forensicsimage-analysisforensic-toolopen-sourceimage-processing
bulk_extractor Logo

bulk_extractor

0 (0)

A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.

Digital Forensics
Free
digital-forensicsfile-analysisfile-carvingfile-extractionfile-systemforensic-analysisforensic-toolhex-dump
Kuiper Digital Investigation Platform Logo

Kuiper Digital Investigation Platform

0 (0)

A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.

Digital Forensics
Free
digital-forensicsdigital-investigationincident-response
ics_mem_collect Logo

ics_mem_collect

0 (0)

Developing APIs to access memory on industrial control system devices.

Digital Forensics
Free
industrial-control-systemsmemory-analysisdigital-forensicsincident-response
c-aff4 Logo

c-aff4

0 (0)

An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.

Digital Forensics
Free
digital-forensicsfile-analysisdigital-evidenceforensic-tool
IPED Digital Forensic Tool Logo

IPED Digital Forensic Tool

0 (0)

An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.

Digital Forensics
Free
digital-forensicsforensicsjavadisk-imagefile-system
libvmdk Logo

libvmdk

0 (0)

A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.

Digital Forensics
Free
digital-forensicsincident-responsevirtual-machinefile-analysis
Belkasoft Evidence Center Logo

Belkasoft Evidence Center

0 (0)

Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.

Digital Forensics
Free
digital-forensicsincident-responsedigital-evidenceincident-analysisdigital-investigation
hashlookup-forensic-analyser Logo

hashlookup-forensic-analyser

0 (0)

Analyse a forensic target to find and report files found and not found in hashlookup CIRCL public service.

Digital Forensics
Free
digital-forensicsfile-analysiscirclforensic-analysis
dc3dd Logo

dc3dd

0 (0)

dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.

Digital Forensics
Free
digital-forensicsdata-acquisitionforensic-tooldata-recovery
SkypeFreak Logo

SkypeFreak

0 (0)

A Forensic Framework for Skype with various investigative options.

Digital Forensics
Free
forensic-analysisdigital-forensicsosintincident-response
Art of Memory Forensics Logo

Art of Memory Forensics

0 (0)

A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.

Training and Resources
Free
memory-forensicsmemory-analysisdigital-forensicsincident-response
Skadi Logo

Skadi

0 (0)

A free, open source collection of tools for forensic artifact and image analysis.

Digital Forensics
Free
digital-forensicsforensicsforensic-analysisforensic-tool
Cybereason Defense Platform Logo

Cybereason Defense Platform

0 (0)

Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.

Endpoint Security
Commercial
endpoint-protectionthreat-huntingdigital-forensicsincident-responsecyber-securitythreat-intelligencesecurity-operations
dfvfs Logo

dfvfs

0 (0)

A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.

Digital Forensics
Free
digital-forensicsfile-systemvirtual-file-systemforensic-analysisfile-access
evtkit Logo

evtkit

0 (0)

A tool for fixing acquired .evt Windows Event Log files in digital forensics.

Digital Forensics
Free
digital-forensicsevent-logpython
timeliner Logo

timeliner

0 (0)

A tool with advanced filtering capabilities for analyzing events based on time, path, weekday, and date.

Digital Forensics
Free
cybersecurityincident-responsedigital-forensicsincident-response-tool
DFIRTrack Logo

DFIRTrack

0 (0)

DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.

Security Operations
Free
dfirincident-responsedigital-forensicsincident-trackingincident-response-toolforensic-analysis
Hoarder Logo

Hoarder

0 (0)

Hoarder is a tool to collect and parse windows artifacts.

Digital Forensics
Free
forensicsincident-responsefile-analysisdigital-forensics
Mac Locations Scraper Logo

Mac Locations Scraper

0 (0)

Dump the contents of the location database files on iOS and macOS with output options like KML and CSV.

Digital Forensics
Free
blue-teamdigital-forensicsdigital-investigationiosmacos
AccessData FTK Imager Logo

AccessData FTK Imager

0 (0)

A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.

Digital Forensics
Free
digital-forensicsforensic-tooldata-acquisitiondigital-evidence
RegRipper 3.0 Logo

RegRipper 3.0

0 (0)

Automated tool for parsing Windows registry hives and extracting valuable information for forensic analysis.

Digital Forensics
Free
digital-forensicswindows-forensicsforensic-analysis
Bitscout Logo

Bitscout

0 (0)

Customizable live OS constructor tool for remote forensics and incident response.

Digital Forensics
Free
incident-responsedigital-forensicsbash
Windows Command Line Cheat Sheet Logo

Windows Command Line Cheat Sheet

0 (0)

A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.

Guides and eBooks
Free
windowscheat-sheetsecurityincident-responsedigital-forensicspenetration-testing
Mobile Verification Toolkit (MVT) Logo

Mobile Verification Toolkit (MVT)

0 (0)

A forensic research tool for gathering forensic traces on Android and iOS devices, supporting the use of public indicators of compromise.

Digital Forensics
Free
iosdigital-forensicscommand-line-tooldigital-investigation
Root the Box Logo

Root the Box

0 (0)

Real-time capture the flag (CTF) scoring engine for computer wargames with a fun game-like environment for learning cybersecurity skills.

Miscellaneous
Free
ctfcapture-the-flagwargamespenetration-testingincident-responsedigital-forensicsthreat-hunting
Acquire Logo

Acquire

0 (0)

A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.

Digital Forensics
Free
digital-forensicsforensic-analysisdisk-imagecontainerizationpython
Volatility Web Interface Logo

Volatility Web Interface

0 (0)

Web interface for the Volatility Memory Forensics Framework

Digital Forensics
Free
memory-forensicsvolatilitymemory-analysisforensic-investigationdigital-forensicsmemory-dump
Practical Memory Forensics Logo

Practical Memory Forensics

0 (0)

A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.

Training and Resources
Free
memory-forensicsincident-responsedigital-forensicscybersecurity
CyLR Logo

CyLR

0 (0)

CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.

Digital Forensics
Free
digital-forensicsforensic-analysisfile-systemwindowslinuxmacos
Volatility 3 Logo

Volatility 3

0 (0)

A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.

Digital Forensics
Free
digital-forensicsmemory-analysisvolatilitymemory-forensics
OfficePurge Logo

OfficePurge

0 (0)

A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.

Offensive Security
Free
incident-responsedigital-forensics
python-ntfs Logo

python-ntfs

0 (0)

Open source Python library for NTFS analysis

Digital Forensics
Free
digital-forensicsfile-systemntfspythonforensic-analysisfile-system-analysis
CIRTKit Logo

CIRTKit

0 (0)

A DFIR console integrating various cybersecurity tools and frameworks for efficient incident response.

Security Operations
Free
dfirdigital-forensicsincident-responsepacket-analysisjavascriptdeobfuscationvolatilitymemory-analysisscriptingautomation
Kali Logo

Kali

0 (0)

Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.

Offensive Security
Free
digital-forensicspenetration-testingnetwork-analysisvulnerability-assessmentsecurity-testing
Binalyze AIR Logo

Binalyze AIR

0 (0)

Modern digital forensics and incident response platform with comprehensive tools.

Digital Forensics
Free
digital-forensicsincident-responsedfir
rastrea2r Logo

rastrea2r

0 (0)

A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.

Digital Forensics
Free
digital-forensicsincident-responsethreat-huntingforensic-artifactsforensic-analysis
Cyber Triage Logo

Cyber Triage

0 (0)

Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.

Security Operations
Commercial
digital-forensicsincident-responsedfirmalware-analysisransomware
Digital Forensics Framework (DFF) Logo

Digital Forensics Framework (DFF)

0 (0)

Open Source computer forensics platform with modular design for easy automation and scripting.

Digital Forensics
Free
digital-forensicsincident-responsedigital-investigationcomputer-forensics
unix_collector Logo

unix_collector

0 (0)

A shell script for basic forensic collection of various artefacts from UNIX systems.

Digital Forensics
Free
forensic-analysisunixshell-scriptforensic-tooldigital-forensics
The Sleuth Kit & Autopsy Logo

The Sleuth Kit & Autopsy

0 (0)

Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.

Digital Forensics
Free
digital-forensicsgui
TestDisk and PhotoRec Logo

TestDisk and PhotoRec

0 (0)

TestDisk checks disk partitions and recovers lost partitions, while PhotoRec specializes in recovering lost pictures from digital camera memory or hard disks.

Data Protection and Cryptography
Free
data-recoveryfile-systemdigital-forensicsfile-analysis
Rifiuti2 Logo

Rifiuti2

0 (0)

Tool for analyzing Windows Recycle Bin INFO2 file

Digital Forensics
Free
windowsfile-analysisforensicsdigital-forensics
Foremost Logo

Foremost

0 (0)

A console program for file recovery through data carving.

Digital Forensics
Free
data-recoveryfile-analysisimage-analysisdigital-forensics
libewf Logo

libewf

0 (0)

A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.

Digital Forensics
Free
digital-forensicsincident-responsefile-formatforensic-analysis
strings Logo

strings

0 (0)

A command-line utility for extracting human-readable text from binary files.

Digital Forensics
Free
binary-securityfile-analysishex-dumpbinary-conversionfile-patchingdigital-forensics
ELAT (Event Log Analysis Tool) Logo

ELAT (Event Log Analysis Tool)

0 (0)

ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.

SIEM and Log Management
Free
event-log-analysismalware-detectionyarawindows-event-logsincident-responsedigital-forensics
Beagle Logo

Beagle

0 (0)

Incident response and digital forensics tool for transforming data sources and logs into graphs.

Security Operations
Free
incident-responsedigital-forensicsincident-response-toolpython-library
Unix-like Artifacts Collector UAC Logo

Unix-like Artifacts Collector UAC

0 (0)

A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.

Security Operations
Free
incident-responsescriptforensicsdigital-forensics
libevtx Logo

libevtx

0 (0)

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

Digital Forensics
Free
digital-forensicsincident-responsewindowsevent-logforensic-analysispython
libsmdev Logo

libsmdev

0 (0)

A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.

Digital Forensics
Free
digital-forensicsforensic-analysisinformation-securityforensic-investigation
Diffy (DEPRECATED) Logo

Diffy (DEPRECATED)

0 (0)

Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.

Digital Forensics
Free
digital-forensicsincident-responsecloud-securityawsosquery
Docker Explorer Logo

Docker Explorer

0 (0)

Forensics tool for exploring offline Docker filesystems.

Digital Forensics
Free
dockerfilesystemforensicscontainer-securityfile-system-analysisdigital-forensics
COPS - Collaborative Open Playbook Standard Logo

COPS - Collaborative Open Playbook Standard

0 (0)

A DFIR Playbook Spec based on YAML for collaborative incident response processes.

Security Operations
Free
dfirincident-responsecybersecuritydigital-forensics
Mac4n6 Group Logo

Mac4n6 Group

0 (0)

A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.

Digital Forensics
Free
macosforensicsiosdigital-forensicsmac-os-x
WinSearchDBAnalyzer Logo

WinSearchDBAnalyzer

0 (0)

WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.

Digital Forensics
Free
windowsfile-analysisdata-recoverydigital-forensics
The Sleuth Kit (TSK) & Autopsy Logo

The Sleuth Kit (TSK) & Autopsy

0 (0)

Open source digital forensics tools for analyzing disk images and recovering files.

Digital Forensics
Free
digital-forensicsfile-recoveryforensic-analysis
Mquery Logo

Mquery

0 (0)

Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.

Malware Analysis
Free
malware-analysisyaradockerfile-analysisdigital-forensics
LiMEaide v2.0 Logo

LiMEaide v2.0

0 (0)

Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.

Digital Forensics
Free
digital-forensicslinuxvolatilitymemory-analysisremote-access