Radare2
A powerful reverse engineering framework
libfvde is a library to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. It supports various Mac OS X versions and encryption volume types, including removable media volumes and system volumes. The library provides access to encrypted data on a storage media volume. The project is still experimental and has some unsupported Core Storage format features, such as multiple physical volumes. It also has some planned features, including Dokan support and partial encrypted volumes. libfvde is licensed under LGPLv3+ and has a wiki with documentation and building instructions.
A powerful reverse engineering framework
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.
A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.