Digital Forensics
23 tools indexed
Digital forensics tools for disk imaging, memory analysis, file carving, log timeline reconstruction, and evidence preservation. Used by incident responders, law enforcement, and security analysts to investigate breaches and recover digital evidence.
Volatility 3
Advanced memory forensics framework. Extracts artifacts from RAM dumps - processes, network connections, registry.
Autopsy
Digital forensics platform with GUI. Disk image analysis, timeline analysis, keyword search, hash filtering.
Ghidra
NSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.
Binwalk
Firmware analysis tool. Searches binary images for embedded files, executables, and file systems.
YARA
Pattern matching swiss knife for malware researchers. Create rules to identify and classify malware samples.
Velociraptor
Endpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.
Plaso (log2timeline)
Super timeline creation engine. Extracts timestamps from multiple forensic artifact sources into a single timeline.
Radare2
Portable reversing framework. Disassembly, debugging, analysis, patching, and scripting in a single CLI.
Cutter
GUI for Radare2. Makes reverse engineering accessible with graphs, decompiler, and hex editor built in.
The Sleuth Kit
Collection of command-line tools for forensic analysis of disk images and file systems.
CyLR
Live response collection tool for quickly gathering forensic artifacts from hosts during incident response.
Chainsaw
Rapidly search and hunt through Windows forensic artifacts like event logs, MFT, and Shimcache using Sigma rules.
Hayabusa
Windows event log fast forensics timeline generator and threat hunting tool with built-in Sigma rule support.
oletools
Python tools for analyzing OLE and MS Office files - detect VBA macros, embedded objects, and malicious content.
PE-sieve
Scans running processes for suspicious in-memory modifications including hollowing, hooking, and code injection.
capa
Automatically identify capabilities in executable files - detects techniques like persistence, C2, and anti-analysis.
RegRipper
Windows registry forensic parser. Extracts and decodes forensic artifacts from registry hives with extensible plugins.
bulk_extractor
High-performance forensic data carver. Extracts email addresses, URLs, credit cards, and other artifacts from disk images at speed.
Timesketch
Google's collaborative forensic timeline analysis platform for organizing and annotating investigation events.
Depix
Recover plaintext from pixelized screenshots using De Bruijn sequence matching.
usbrip
Track USB device connection history and generate forensic artifacts on Linux.
Fibratus
Windows kernel event tracing and threat detection tool. Captures process, file, registry, network, and driver events in real-time.
Cowrie
Medium-interaction SSH and Telnet honeypot. Logs brute force attacks, shell interactions, and malware downloads.