Digital Forensics

A robust endpoint security solution that offers data security, network security, and advanced threat prevention, all managed from a single console to protect your devices and data.

PowerGRR is a PowerShell API client library that automates GRR (Google Rapid Response) operations for digital forensics and incident response across multiple operating systems.

Binkit is a binary analysis tool that merged with DarunGrim and incorporates its analysis algorithms, currently in internal testing before official release.

An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.

An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.

A Python-based forensic tool for extracting and analyzing browser artifacts from Firefox, Iceweasel, and Seamonkey browsers on Unix and Windows systems.

A Security Information and Event Management (SIEM) system with a focus on security and minimalism.

HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.

A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.

A library for accessing and parsing OLE 2 Compound File (OLECF) format files, including Microsoft Office documents and thumbs.db files.

Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.

A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.

A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.

Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.

Analyse a forensic target to find and report files found and not found in hashlookup CIRCL public service.

A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.

A suite of console tools for working with timestamps in Windows with 100-nanosecond precision.

dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.

An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.

A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.

A Forensic Framework for Skype with various investigative options.

iOSForensic is a Python tool for forensic analysis on iOS devices, extracting files, logs, SQLite3 databases, and .plist files into XML.

A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.

A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.