Browse 398 digital forensics tools
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.
CIRTKit is a DFIR console built on the Viper Framework that integrates various forensic tools and provides modules for packet analysis, memory analysis, and automated incident response workflows.
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
Modern digital forensics and incident response platform with comprehensive tools.
CHIPSEC is a cross-platform framework for analyzing PC platform security, including hardware, BIOS/UEFI firmware, and low-level system components.
A Golang application that stores and queries NIST NSRL Reference Data Set for MD5 and SHA1 hash lookups using Bolt database technology.
VolatilityBot automates memory dump analysis by extracting executables, detecting code injections, and performing automated malware scanning using YARA and ClamAV.
A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.
Automated DFIR platform for rapid incident investigation and endpoint triage.
A Mac OS X forensic utility for ensuring correct forensic procedures during disk imaging.
Open Source computer forensics platform with modular design for easy automation and scripting.
A shell script for basic forensic collection of various artefacts from UNIX systems.
Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.
TestDisk checks disk partitions and recovers lost partitions, while PhotoRec specializes in recovering lost pictures from digital camera memory or hard disks.
A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A tool for extracting files from network traffic based on file signatures with support for various file formats and scalable search algorithm.