Forensic Tool

A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.

dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.

A free, open source collection of tools for forensic artifact and image analysis.

A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.

A command-line tool for extracting data from iOS mobile device backups created by iTunes on macOS systems.

A forensics toolkit for collecting digital evidence from Google Cloud Platform, Microsoft Azure, and Amazon Web Services during incident response investigations.

pcapfex is a forensic tool that extracts files from packet capture data by analyzing network traffic and identifying embedded file content.

A digital forensics tool that extracts and exports location database contents from iOS and macOS devices in KML or CSV formats.

Zui is a desktop application for data exploration and analysis that provides drag-and-drop data ingestion, automatic format detection, and interactive querying capabilities for structured and semi-structured data.

A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.

Bitscout is a Bash-based live OS constructor tool for building customizable forensic environments used in remote system triage, malware hunting, and digital forensics investigations.

A command-line string extraction utility for digital forensics that supports ASCII and Unicode string extraction from files and directories with pattern matching and filtering capabilities.

A forensic toolkit for analyzing Android and iOS devices to detect potential spyware infections and security compromises using indicators of compromise.

A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.

A forensic tool to find hidden processes and TCP/UDP ports by rootkits or other hidden techniques.

A discontinued disk imaging utility originally developed by Intel that used block map files for efficient disk image copying operations.

A Golang application that stores and queries NIST NSRL Reference Data Set for MD5 and SHA1 hash lookups using Bolt database technology.

A shell script for basic forensic collection of various artefacts from UNIX systems.

A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.

A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.

A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.

Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.

A software that collects forensic artifacts on systems for forensic investigations.

A toolkit for forensic analysis of network appliances with YARA decoding options and frame extraction capabilities.