forensic-analysis

58 tools and resources

NEW

DFTimewolf Logo

DFTimewolf

0 (0)

A framework for orchestrating forensic collection, processing, and data export.

Digital Forensics
Free
digital-forensicsforensic-analysisorchestration
Orochi Logo

Orochi

0 (0)

Orochi is a collaborative forensic memory dump analysis framework.

Digital Forensics
Free
forensic-analysismemory-dumpvolatilityelasticsearchdjangoredis
Belkasoft Logo

Belkasoft

0 (0)

Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.

Digital Forensics
Free
digital-forensicsincident-responseforensic-analysisforensic-tool
Rekall Logo

Rekall

0 (0)

Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.

Digital Forensics
Free
memory-analysisforensic-analysisvolatilitymemory-forensics
CDQR - Cold Disk Quick Response Logo

CDQR - Cold Disk Quick Response

0 (0)

A tool that uses Plaso to parse forensic artifacts and disk images, creating custom reports for easier analysis.

Digital Forensics
Free
digital-forensicsforensic-analysistriageforensic-artifacts
MFTExtractor Logo

MFTExtractor

0 (0)

A tool for parsing and extracting information from the Master File Table of NTFS file systems.

Digital Forensics
Free
ntfsfile-systemforensic-analysisfile-extractiondigital-forensics
ForensicMiner v1.4 Logo

ForensicMiner v1.4

0 (0)

ForensicMiner, Redefine DFIR Automations

Digital Forensics
Free
digital-forensicsdfirpowershellautomationforensic-analysiswindows
Magnet ACQUIRE Logo

Magnet ACQUIRE

0 (0)

Magnet ACQUIRE offers robust data extraction capabilities for digital forensics investigations, supporting a wide range of devices.

Digital Forensics
Free
digital-forensicscomputer-forensicsforensic-analysis
Turbinia Logo

Turbinia

0 (0)

Turbinia is an open-source framework for automating the running of common forensic processing tools to help with processing evidence in the Cloud.

Digital Forensics
Free
forensic-analysis
PowerForensics Logo

PowerForensics

0 (0)

PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.

Digital Forensics
Free
digital-forensicspowershellforensic-analysisfile-system-analysis
Timesketch Logo

Timesketch

0 (0)

A collaborative forensic timeline analysis tool for organizing and analyzing data with rich annotations and comments.

Digital Forensics
Free
forensic-analysisforensic-tool
Dissect Logo

Dissect

0 (0)

Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.

Digital Forensics
Free
digital-forensicsincident-responseforensic-analysis
Plaso Logo

Plaso

0 (0)

A Python-based engine for automatic creation of timelines in digital forensic analysis

Digital Forensics
Free
digital-forensicsforensic-analysiscomputer-forensics
Digital Forensics Artifact Knowledge Base Logo

Digital Forensics Artifact Knowledge Base

0 (0)

Documentation project for Digital Forensics Artifact Repository

Digital Forensics
Free
digital-forensicsforensic-artifactsforensic-analysis
Docker Forensics Toolkit Logo

Docker Forensics Toolkit

0 (0)

Toolkit for post-mortem analysis of Docker runtime environments using forensic HDD copies.

Digital Forensics
Free
dockerforensic-analysis
mem Logo

mem

0 (0)

Tool used for dumping memory from Android devices with root access requirement and forensic soundness considerations.

Digital Forensics
Free
memory-dumpingforensic-analysis
bulk_extractor Logo

bulk_extractor

0 (0)

A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.

Digital Forensics
Free
digital-forensicsfile-analysisfile-carvingfile-extractionfile-systemforensic-analysisforensic-toolhex-dump
IRTriage Logo

IRTriage

0 (0)

Automated collection tool for incident response triage in Windows systems.

Digital Forensics
Free
incident-responseforensic-analysiswindowsmemory-dumping
Dumpzilla Logo

Dumpzilla

0 (0)

Python forensic tool for extracting and analyzing information from Firefox, Iceweasel, and Seamonkey browsers.

Digital Forensics
Free
binary-securityfile-analysishex-dumpbinary-conversionfile-patchingforensic-analysisbrowser-security
OpenRASP Logo

OpenRASP

0 (0)

OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.

Application Security
Free
appsecapplication-securityinstrumentationforensic-analysisweb-application-securitylinux
hashlookup-forensic-analyser Logo

hashlookup-forensic-analyser

0 (0)

Analyse a forensic target to find and report files found and not found in hashlookup CIRCL public service.

Digital Forensics
Free
digital-forensicsfile-analysiscirclforensic-analysis
nTimetools Logo

nTimetools

0 (0)

A suite of console tools for working with timestamps in Windows with 100-nanosecond precision.

Digital Forensics
Free
windowsforensic-analysisred-teamntfs
SkypeFreak Logo

SkypeFreak

0 (0)

A Forensic Framework for Skype with various investigative options.

Digital Forensics
Free
forensic-analysisdigital-forensicsosintincident-response
iOSForensic Logo

iOSForensic

0 (0)

iOSForensic is a Python tool for forensic analysis on iOS devices, extracting files, logs, SQLite3 databases, and .plist files into XML.

Digital Forensics
Free
iosforensic-analysispython
Yara4Pentesters Logo

Yara4Pentesters

0 (0)

A set of YARA rules for identifying files containing sensitive information

Offensive Security
Free
appsecbinary-securityfile-analysisforensic-analysisincident-responsepentestingyara
Skadi Logo

Skadi

0 (0)

A free, open source collection of tools for forensic artifact and image analysis.

Digital Forensics
Free
digital-forensicsforensicsforensic-analysisforensic-tool
Wombat Forensics Logo

Wombat Forensics

0 (0)

A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.

Digital Forensics
Free
forensic-analysisfile-analysisforensic-tool
WiFiConfigStore.xml Forensics Logo

WiFiConfigStore.xml Forensics

0 (0)

Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.

Digital Forensics
Free
forensic-analysisfile-analysis
CAPE Logo

CAPE

0 (0)

Malware sandbox for executing malicious files in an isolated environment with advanced features.

Malware Analysis
Free
malware-analysissandboxfile-analysisbehavioral-analysisforensic-analysismalware-detection
dfvfs Logo

dfvfs

0 (0)

A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.

Digital Forensics
Free
digital-forensicsfile-systemvirtual-file-systemforensic-analysisfile-access
DFIRTrack Logo

DFIRTrack

0 (0)

DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.

Security Operations
Free
dfirincident-responsedigital-forensicsincident-trackingincident-response-toolforensic-analysis
LiME Logo

LiME

0 (0)

LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.

Digital Forensics
Free
memory-acquisitionforensic-analysiskernel-modulememory-forensicslinux
nightHawk Response Logo

nightHawk Response

0 (0)

Custom built application for asynchronous forensic data presentation on an Elasticsearch backend, with upcoming features like Docker-based installation and new UI rewrite in React.

Digital Forensics
Free
elasticsearchforensic-analysis
Chainsaw Logo

Chainsaw

0 (0)

Powerful tool for searching and hunting through Windows forensic artefacts with support for Sigma detection rules and custom Chainsaw detection rules.

Digital Forensics
Free
forensic-analysisevent-logs
RegRipper 3.0 Logo

RegRipper 3.0

0 (0)

Automated tool for parsing Windows registry hives and extracting valuable information for forensic analysis.

Digital Forensics
Free
digital-forensicswindows-forensicsforensic-analysis
Acquire Logo

Acquire

0 (0)

A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.

Digital Forensics
Free
digital-forensicsforensic-analysisdisk-imagecontainerizationpython
CyLR Logo

CyLR

0 (0)

CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.

Digital Forensics
Free
digital-forensicsforensic-analysisfile-systemwindowslinuxmacos
SPECTR3 Logo

SPECTR3

0 (0)

Remote Acquisition Tool

Digital Forensics
Free
forensic-analysis
LockUp Logo

LockUp

0 (0)

An Android-based self-defense application against forensic imaging tools like Cellebrite UFED.

Specialized Security
Free
mobile-securityforensic-analysisdevice-securitysecurity-monitoring
Mastiff Logo

Mastiff

0 (0)

A static analysis framework for extracting key characteristics from various file formats

Endpoint Security
Free
binary-securityfile-analysisstatic-analysismalware-analysisforensic-analysis
Penguin OS Forensic (or Flight) Recorder (POFR) Logo

Penguin OS Forensic (or Flight) Recorder (POFR)

0 (0)

Collects and organizes Linux OS data for detailed analysis and incident response.

Digital Forensics
Free
incident-responsethreat-detectioncompliancelinuxforensic-analysisincident-response-tool
python-ntfs Logo

python-ntfs

0 (0)

Open source Python library for NTFS analysis

Digital Forensics
Free
digital-forensicsfile-systemntfspythonforensic-analysisfile-system-analysis
rastrea2r Logo

rastrea2r

0 (0)

A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.

Digital Forensics
Free
digital-forensicsincident-responsethreat-huntingforensic-artifactsforensic-analysis
unix_collector Logo

unix_collector

0 (0)

A shell script for basic forensic collection of various artefacts from UNIX systems.

Digital Forensics
Free
forensic-analysisunixshell-scriptforensic-tooldigital-forensics
libesedb Logo

libesedb

0 (0)

A library to access the Extensible Storage Engine (ESE) Database File (EDB) format used in various Windows applications.

Digital Forensics
Free
exchangewindowsforensic-analysisdatabase-security
tcpxtract Logo

tcpxtract

0 (0)

A tool for extracting files from network traffic based on file signatures with support for various file formats and scalable search algorithm.

Network Security
Free
file-carvingnetwork-traffic-analysisfile-recoveryforensic-analysis
libewf Logo

libewf

0 (0)

A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.

Digital Forensics
Free
digital-forensicsincident-responsefile-formatforensic-analysis
Offensive Docker Logo

Offensive Docker

0 (0)

An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.

Offensive Security
Free
pentestdockerreconport-scanningweb-scanningfuzzingbrute-forceforensic-analysis
MFTMactime Logo

MFTMactime

0 (0)

MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.

Digital Forensics
Free
mftfile-systemforensic-analysistriage
Andriller CE (Community Edition) Logo

Andriller CE (Community Edition)

0 (0)

A software utility with forensic tools for smartphones, offering powerful data extraction and decoding capabilities.

Digital Forensics
Free
forensic-analysisdata-extractiondecryption
Forensic Registry EDitor (FRED) Logo

Forensic Registry EDitor (FRED)

0 (0)

A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.

Digital Forensics
Free
forensic-analysis
PacketStreamer Logo

PacketStreamer

0 (0)

High-performance remote packet capture and collection tool used for forensic analysis in cloud workloads.

Network Security
Free
packet-capturenetwork-trafficforensic-analysisthreat-detection
libevtx Logo

libevtx

0 (0)

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

Digital Forensics
Free
digital-forensicsincident-responsewindowsevent-logforensic-analysispython
libsmdev Logo

libsmdev

0 (0)

A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.

Digital Forensics
Free
digital-forensicsforensic-analysisinformation-securityforensic-investigation
artifactcollector Logo

artifactcollector

0 (0)

A software that collects forensic artifacts on systems for forensic investigations.

Digital Forensics
Free
forensic-analysisforensic-artifactsforensic-investigationforensic-tool
The Sleuth Kit (TSK) & Autopsy Logo

The Sleuth Kit (TSK) & Autopsy

0 (0)

Open source digital forensics tools for analyzing disk images and recovering files.

Digital Forensics
Free
digital-forensicsfile-recoveryforensic-analysis
DFIR CTF: Precision Widgets of North Dakota Intrusion Logo

DFIR CTF: Precision Widgets of North Dakota Intrusion

0 (0)

A cybersecurity challenge where you play the role of an incident response consultant investigating an intrusion at Precision Widgets of North Dakota.

Training and Resources
Free
dfirctfincident-responseintrusion-detectionincident-analysisforensic-analysis
ir-rescue Logo

ir-rescue

0 (0)

A set of scripts for collecting forensic data from Windows and Unix systems respecting the order of volatility.

Security Operations
Free
incident-responseforensic-analysiswindows-forensicsincident-response-tool