Explore 82 curated tools and resources
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A framework for orchestrating forensic collection, processing, and data export.
A modified version of GNU dd with added features like hashing and fast disk wiping.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.
A tool that uses Plaso to parse forensic artifacts and disk images, creating custom reports for easier analysis.
A tool for parsing and extracting information from the Master File Table of NTFS file systems.
ForensicMiner, Redefine DFIR Automations
A comprehensive guide to digital forensics and incident response, covering incident response frameworks, digital forensic techniques, and threat intelligence.
Magnet ACQUIRE offers robust data extraction capabilities for digital forensics investigations, supporting a wide range of devices.
Digital investigation tool for extracting forensic data from computers and managing investigations.
A community-sourced repository of digital forensic artifacts in YAML format.
A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.
Hindsight is a free tool for analyzing web artifacts from Google Chrome/Chromium browsers and presenting the data in a timeline for forensic analysis.
A comprehensive guide to understanding and responding to modern ransomware attacks, covering incident response, cyber threat intelligence, and forensic analysis.
Python script to parse the NTFS USN Change Journal.
Advanced computer forensics software with efficient features.
PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
Automated tool for detecting steganographic content in images, with F5 detection capabilities.
A Python-based engine for automatic creation of timelines in digital forensic analysis
Documentation project for Digital Forensics Artifact Repository
Exterro is a data risk management platform that optimizes e-discovery, digital forensics, and cybersecurity compliance operations.
A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.
A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.
Developing APIs to access memory on industrial control system devices.
An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.
An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.
A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.
Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.
Analyse a forensic target to find and report files found and not found in hashlookup CIRCL public service.
dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.
A Forensic Framework for Skype with various investigative options.
A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.
A free, open source collection of tools for forensic artifact and image analysis.
Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
A tool with advanced filtering capabilities for analyzing events based on time, path, weekday, and date.
DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.
Hoarder is a tool to collect and parse windows artifacts.
Dump the contents of the location database files on iOS and macOS with output options like KML and CSV.
A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.
Automated tool for parsing Windows registry hives and extracting valuable information for forensic analysis.
Customizable live OS constructor tool for remote forensics and incident response.
A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.
A forensic research tool for gathering forensic traces on Android and iOS devices, supporting the use of public indicators of compromise.
Real-time capture the flag (CTF) scoring engine for computer wargames with a fun game-like environment for learning cybersecurity skills.
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.
Web interface for the Volatility Memory Forensics Framework
A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
Open source Python library for NTFS analysis
A DFIR console integrating various cybersecurity tools and frameworks for efficient incident response.
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
Modern digital forensics and incident response platform with comprehensive tools.
A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
Open Source computer forensics platform with modular design for easy automation and scripting.
A shell script for basic forensic collection of various artefacts from UNIX systems.
Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.
TestDisk checks disk partitions and recovers lost partitions, while PhotoRec specializes in recovering lost pictures from digital camera memory or hard disks.
Tool for analyzing Windows Recycle Bin INFO2 file
A console program for file recovery through data carving.
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
A command-line utility for extracting human-readable text from binary files.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.
Forensics tool for exploring offline Docker filesystems.
A DFIR Playbook Spec based on YAML for collaborative incident response processes.
A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
Open source digital forensics tools for analyzing disk images and recovering files.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.