Forensics
Explore 55 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A security information and event management solution that collects, normalizes, and analyzes log data from across an organization's infrastructure to enhance threat detection and compliance reporting.
A security information and event management solution that collects, normalizes, and analyzes log data from across an organization's infrastructure to enhance threat detection and compliance reporting.
A powerful reverse engineering framework
A C-based steganographic tool that hides files within WAV audio files using least significant bit encoding techniques.
A C-based steganographic tool that hides files within WAV audio files using least significant bit encoding techniques.
A modified version of GNU dd with added features like hashing and fast disk wiping.
A modified version of GNU dd with added features like hashing and fast disk wiping.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.
A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.
Incident response framework focused on remote live forensics
Incident response framework focused on remote live forensics
A repository to aid Windows threat hunters in looking for common artifacts.
A repository to aid Windows threat hunters in looking for common artifacts.
A tool for advanced HTTPD logfile security analysis and forensics, implementing various techniques to detect attacks against web applications.
A community-sourced repository of digital forensic artifacts in YAML format.
A community-sourced repository of digital forensic artifacts in YAML format.
Hindsight is a free tool for analyzing web artifacts from Google Chrome/Chromium browsers and presenting the data in a timeline for forensic analysis.
Hindsight is a free tool for analyzing web artifacts from Google Chrome/Chromium browsers and presenting the data in a timeline for forensic analysis.
A command-line forensics tool for tracking and analyzing USB device artifacts and connection history on Linux systems.
A command-line forensics tool for tracking and analyzing USB device artifacts and connection history on Linux systems.
Advanced computer forensics software with efficient features.
Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.
Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.
PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.
PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
SIFT is a digital forensics toolkit that provides installation management, task execution, and machine image building capabilities for forensic investigations on Ubuntu systems.
SIFT is a digital forensics toolkit that provides installation management, task execution, and machine image building capabilities for forensic investigations on Ubuntu systems.
Automated tool for detecting steganographic content in images, with F5 detection capabilities.
Automated tool for detecting steganographic content in images, with F5 detection capabilities.
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
Impost is a powerful network security auditing tool with honey pot and packet sniffer capabilities.
Impost is a powerful network security auditing tool with honey pot and packet sniffer capabilities.
steg86 is a steganographic tool that hides information within x86 and AMD64 binary executables without affecting their performance or file size.
steg86 is a steganographic tool that hides information within x86 and AMD64 binary executables without affecting their performance or file size.
A collection of AWS-native scripts and automation tools for DevSecOps, incident response, and security remediation in cloud environments.
A collection of AWS-native scripts and automation tools for DevSecOps, incident response, and security remediation in cloud environments.
A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.
A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.
A robust endpoint security solution that offers data security, network security, and advanced threat prevention, all managed from a single console to protect your devices and data.
A robust endpoint security solution that offers data security, network security, and advanced threat prevention, all managed from a single console to protect your devices and data.
An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.
An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.
A Security Information and Event Management (SIEM) system with a focus on security and minimalism.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.
A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.
A free, open source collection of tools for forensic artifact and image analysis.
A free, open source collection of tools for forensic artifact and image analysis.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
Collection of YARA signatures from recent malware research.
Collection of YARA signatures from recent malware research.
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
Timeliner is a digital forensics tool that rewrites mactime with an advanced expression engine for complex timeline filtering using BPF syntax.
Timeliner is a digital forensics tool that rewrites mactime with an advanced expression engine for complex timeline filtering using BPF syntax.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
Hoarder is a tool to collect and parse windows artifacts.
A digital forensics tool that extracts and exports location database contents from iOS and macOS devices in KML or CSV formats.
A digital forensics tool that extracts and exports location database contents from iOS and macOS devices in KML or CSV formats.
Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.
Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
A command-line tool that allows SQL queries to be executed directly on PCAP files for network traffic analysis with support for multiple output formats.
A command-line tool that allows SQL queries to be executed directly on PCAP files for network traffic analysis with support for multiple output formats.
Windows event log fast forensics timeline generator and threat hunting tool.
Windows event log fast forensics timeline generator and threat hunting tool.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
CHIPSEC is a cross-platform framework for analyzing PC platform security, including hardware, BIOS/UEFI firmware, and low-level system components.
CHIPSEC is a cross-platform framework for analyzing PC platform security, including hardware, BIOS/UEFI firmware, and low-level system components.
Tool for analyzing Windows Recycle Bin INFO2 file
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.
A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.
A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.
A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.
Incident Response Documentation tool for tracking findings and tasks.
Incident Response Documentation tool for tracking findings and tasks.
Tool for parsing NTFS journal files, $Logfile, and $MFT.
A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.
A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.
