Browse 398 digital forensics tools
A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
A command-line utility for extracting human-readable text from binary files.
A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.
Incident response and digital forensics tool for transforming data sources and logs into graphs.
A software utility with forensic tools for smartphones, offering powerful data extraction and decoding capabilities.
A portable forensic tool that detects encrypted containers like TrueCrypt and VeraCrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.
High-performance remote packet capture and collection tool used for forensic analysis in cloud workloads.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.
MemLabs provides CTF-styled memory forensics challenges designed to teach students and security researchers how to analyze memory dumps using tools like Volatility.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.