Browse 110 forensic tools
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
A forensic tool to find processes and TCP/UDP ports hidden by rootkits or other hiding techniques.
A discontinued disk imaging utility originally developed by Intel that used block map files for efficient disk image copying operations.
A Golang application that stores and queries NIST NSRL Reference Data Set for MD5 and SHA1 hash lookups using Bolt database technology.
Automated DFIR platform for rapid incident investigation and endpoint triage
A shell script for basic forensic collection of various artefacts from UNIX systems.
A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.
A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.
A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
Software that collects forensic artifacts on systems for forensic investigations.
A toolkit for forensic analysis of network appliances with YARA decoding options and frame extraction capabilities.
wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.
DMG2IMG converts Apple compressed DMG archives to standard HFS+ image files supporting zlib, bzip2, and LZFSE compression formats.