Digital Forensics
Browse 307 digital forensics tools
FEATURED
A command-line tool that allows SQL queries to be executed directly on PCAP files for network traffic analysis with support for multiple output formats.
A command-line tool that allows SQL queries to be executed directly on PCAP files for network traffic analysis with support for multiple output formats.
Windows event log fast forensics timeline generator and threat hunting tool.
Windows event log fast forensics timeline generator and threat hunting tool.
An Android-based self-defense application against forensic imaging tools like Cellebrite UFED.
An Android-based self-defense application against forensic imaging tools like Cellebrite UFED.
A static analysis framework for extracting key characteristics from various file formats
A static analysis framework for extracting key characteristics from various file formats
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.
A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
Open source Python library for NTFS analysis
A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.
A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.
CIRTKit is a DFIR console built on the Viper Framework that integrates various forensic tools and provides modules for packet analysis, memory analysis, and automated incident response workflows.
CIRTKit is a DFIR console built on the Viper Framework that integrates various forensic tools and provides modules for packet analysis, memory analysis, and automated incident response workflows.
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
Modern digital forensics and incident response platform with comprehensive tools.
Modern digital forensics and incident response platform with comprehensive tools.
CHIPSEC is a cross-platform framework for analyzing PC platform security, including hardware, BIOS/UEFI firmware, and low-level system components.
CHIPSEC is a cross-platform framework for analyzing PC platform security, including hardware, BIOS/UEFI firmware, and low-level system components.
A Golang application that stores and queries NIST NSRL Reference Data Set for MD5 and SHA1 hash lookups using Bolt database technology.
A Golang application that stores and queries NIST NSRL Reference Data Set for MD5 and SHA1 hash lookups using Bolt database technology.
VolatilityBot automates memory dump analysis by extracting executables, detecting code injections, and performing automated malware scanning using YARA and ClamAV.
VolatilityBot automates memory dump analysis by extracting executables, detecting code injections, and performing automated malware scanning using YARA and ClamAV.
A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.
A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.
Automated DFIR platform for rapid incident investigation and endpoint triage
Automated DFIR platform for rapid incident investigation and endpoint triage
A Mac OS X forensic utility for ensuring correct forensic procedures during disk imaging.
A Mac OS X forensic utility for ensuring correct forensic procedures during disk imaging.
Open Source computer forensics platform with modular design for easy automation and scripting.
Open Source computer forensics platform with modular design for easy automation and scripting.
A shell script for basic forensic collection of various artefacts from UNIX systems.
A shell script for basic forensic collection of various artefacts from UNIX systems.
Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.
Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.
