Skadi
A free, open source collection of tools for forensic artifact and image analysis.
This project is no longer maintained. In December 2011, a new branch within the Volatility project was created to explore how to make the code base more modular, improve performance, and increase usability. This branch was later forked to become Rekall. The modularity allowed physical memory analysis functionality to be used in GRR to enable remote live in-memory analysis. Lessons learned: Rekall has introduced many improvements to memory analysis methodology over the years. For more information see: http://blog.rekall-forensic.com/ Rekall framework allowed for limited modularization due to the nature of interdependent in-memory structure and early architectural decisions. Increasing RAM sizes and security measures like memory encryption are making traditional physical memory analysis more cumbersome. Physical memory analysis is fragile and maintenance heavy. Most physical memory analysis tools are basically kernel debuggers, without access to the source and debug symbols. Most memory analysis therefore can be a costly process of debugging / reverse engineering and keeping debug symbols / structure definitions up to date. Active development on Rekall has been
A free, open source collection of tools for forensic artifact and image analysis.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A library to access and parse OLE 2 Compound File (OLECF) format files.
A command-line tool for extracting detailed information from JPEG files, including image dimensions, compression, and metadata.
A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.
Tool for analyzing Windows Recycle Bin INFO2 file