xmlstarlet
XMLStarlet offers a suite of command line utilities for manipulating and querying XML documents.
Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats. It extracts any trailing data after the image's closing bytes and any hidden files embedded within the image. The tool relies on magic numbers, hexdumps, and binary data alone, and does not support Steganography related to color/pixel/filter/LSB. Note that short byte combinations might create false positives, and manual review of the hexdump may be necessary in complex cases.
XMLStarlet offers a suite of command line utilities for manipulating and querying XML documents.
Python script to parse the NTFS USN Change Journal.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
A library to access and manipulate RAW image files.
Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.
An extensible network forensic analysis framework with deep packet analysis and plugin support.