Browse 171 forensic tools
A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.
dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.
A free, open source collection of tools for forensic artifact and image analysis.
A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.
A command-line tool for extracting data from iOS mobile device backups created by iTunes on macOS systems.
A forensics toolkit for collecting digital evidence from Google Cloud Platform, Microsoft Azure, and Amazon Web Services during incident response investigations.
pcapfex is a forensic tool that extracts files from packet capture data by analyzing network traffic and identifying embedded file content.
A digital forensics tool that extracts and exports location database contents from iOS and macOS devices in KML or CSV formats.
Zui is a desktop application for data exploration and analysis that provides drag-and-drop data ingestion, automatic format detection, and interactive querying capabilities for structured and semi-structured data.
A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.
Bitscout is a Bash-based live OS constructor tool for building customizable forensic environments used in remote system triage, malware hunting, and digital forensics investigations.
A command-line string extraction utility for digital forensics that supports ASCII and Unicode string extraction from files and directories with pattern matching and filtering capabilities.
A forensic toolkit for analyzing Android and iOS devices to detect potential spyware infections and security compromises using indicators of compromise.
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
A forensic tool to find processes and TCP/UDP ports hidden by rootkits or other hiding techniques.
A discontinued disk imaging utility originally developed by Intel that used block map files for efficient disk image copying operations.
A Golang application that stores and queries NIST NSRL Reference Data Set for MD5 and SHA1 hash lookups using Bolt database technology.
Automated DFIR platform for rapid incident investigation and endpoint triage.
A shell script for basic forensic collection of various artefacts from UNIX systems.
A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.
A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.
A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
Software that collects forensic artifacts on systems for forensic investigations.