A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.
WindowsSCOPE is an incident response tool that performs memory forensics on Windows computers, enabling the identification of all system activity, including processes, threads, and drivers. It supports the latest Windows versions and offers advanced data search capabilities. It also comes with hardware accessories, CaptureGUARD and Phantom Probe, which provide memory acquisition, including capturing memory snapshots, and access to locked computers. The CaptureGUARD Express and CaptureGUARD Gateway devices enable memory acquisition and live analysis of systems, even those that are locked. The tool is offered as a cloud rental option and as a node-locked version. It is suitable for investigating security breaches and is used by customers in 20 countries.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
Recover event log entries from an image by heuristically looking for record structures.
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.
Fridump is an open source memory dumping tool using the Frida framework for dumping memory addresses from various platforms.
A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.