Volshell is a utility to access the volatility framework interactively with a specific memory image.
Read more
Tag: Digital forensics
pypykatz – Python implementation of Mimikatz
pypykatz is a cross-platform implementation of Mimikatz written in Python.
Read more
MemProcFS – view physical memory as files in a virtual file system
MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system.
Read more
EVTXtract – recovers and reconstructs fragments of EVTX log files
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
Read more
11 Best Free and Open Source Linux Digital Forensics Tools
Digital forensics is a specialist art. It allows investigations to be undertaken without modifying the media.
Read more
iaito – official graphical interface for radare2
iaito is the official graphical interface for radare2, a libre reverse engineering framework.
Read more
Jomon – network forensics and passive sniffer
Jomon is a network forensics and passive sniffer tool. It monitors all incoming/outgoing network traffic, without the use of libpcap
Read more
GRR Rapid Response: remote live forensics for incident response
GRR Rapid Response is an incident response framework focused on remote live forensics.
Read more
MIG: Mozilla InvestiGator – real-time digital forensics and investigation platform
MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel.
Read more
The Sleuth Kit – analyze disk images and recover files
The Sleuth Kit (TSK) is a library and collection of command line file and volume system forensic analysis tools.
Read more
The Autopsy Forensic Browser – digital forensics platform
The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in The Sleuth Kit.
Read more
Volatility – advanced memory forensics framework
The Volatility Framework is a completely open collection of tools, implemented in Python, for the extraction of digital artifacts from volatile memory (RAM) samples.
Read more
rdd – forensic copy software
rdd is a forensic copy program developed at and used by the Netherlands Forensic Institute (NFI). rdd is a file and device copying utility.
Read more
guymager – forensic imager for media acquisition
The forensic imager contained in this package, guymager, was designed to support different image file formats, to be most user-friendly and to run fast.
Read more
Radare2 – portable reversing framework
Radare2 is a portable reversing framework. It’s both a forensics tool and a debugger.
Read more
dcfldd – enhanced version of dd
dcfldd is an enhanced version of dd with features useful for forensics and security. dcfldd is free and open source software.
Read more