Digital Forensics

Binwalk is a firmware analysis tool that enables reverse engineering and extraction of embedded file systems and archives from firmware images.

A command-line forensics tool for tracking and analyzing USB device artifacts and connection history on Linux systems.

A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.

Advanced computer forensics software with efficient features.

Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.

PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.

PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.

Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.

A collaborative forensic timeline analysis tool for organizing and analyzing data with rich annotations and comments.

SIFT is a digital forensics toolkit that provides installation management, task execution, and machine image building capabilities for forensic investigations on Ubuntu systems.

Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.

A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.

Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.

Exiv2 is a C++ library and command-line utility for reading, writing, deleting, and modifying Exif, IPTC, XMP, and ICC metadata in image files.

A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.

A Python-based engine for automatic creation of timelines in digital forensic analysis

Documentation project for Digital Forensics Artifact Repository

Toolkit for post-mortem analysis of Docker runtime environments using forensic HDD copies.

AMExtractor is an Android memory acquisition tool that dumps physical device memory using /dev/kmem without requiring kernel source code.

A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.

Exterro is a data risk management platform that optimizes e-discovery, digital forensics, and cybersecurity compliance operations.

Automated digital image forensics tool

A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.

A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.