The Sleuth Kit (TSK) & Autopsy
The Sleuth Kit is a collection of command line tools and a C library that allows you to analyze disk images and recover files from them. Autopsy is an easy to use, GUI-based program that allows you to efficiently analyze hard drives and smart phones, with a plug-in architecture for add-on modules in Java or Python.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.
Recover event log entries from an image by heuristically looking for record structures.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.
A library to access the Extensible Storage Engine (ESE) Database File (EDB) format used in various Windows applications.
A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.
A tool that uses graph theory to reveal hidden relationships and attack paths in an Active Directory environment.
Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.
IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.