Digital forensics is a specialist art. It allows investigations to be undertaken without modifying the media.
Read more
Tag: Digital forensics
Volshell – CLI tool for working with memory
Volshell is a utility to access the volatility framework interactively with a specific memory image.
Read more
pypykatz – Python implementation of Mimikatz
pypykatz is a cross-platform implementation of Mimikatz written in Python.
Read more
MemProcFS – view physical memory as files in a virtual file system
MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system.
Read more
EVTXtract – recovers and reconstructs fragments of EVTX log files
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
Read more
iaito – official graphical interface for radare2
iaito is the official graphical interface for radare2, a libre reverse engineering framework.
Read more
Jomon – network forensics and passive sniffer
Jomon is a network forensics and passive sniffer tool. It monitors all incoming/outgoing network traffic, without the use of libpcap
Read more
GRR Rapid Response: remote live forensics for incident response
GRR Rapid Response is an incident response framework focused on remote live forensics.
Read more
MIG: Mozilla InvestiGator – real-time digital forensics and investigation platform
MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel.
Read more
The Sleuth Kit – analyze disk images and recover files
The Sleuth Kit (TSK) is a library and collection of command line file and volume system forensic analysis tools.
Read more
The Autopsy Forensic Browser – digital forensics platform
The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in The Sleuth Kit.
Read more
Volatility – advanced memory forensics framework
The Volatility Framework is a completely open collection of tools, implemented in Python, for the extraction of digital artifacts from volatile memory (RAM) samples.
Read more
rdd – forensic copy software
rdd is a forensic copy program developed at and used by the Netherlands Forensic Institute (NFI). rdd is a file and device copying utility.
Read more
guymager – forensic imager for media acquisition
The forensic imager contained in this package, guymager, was designed to support different image file formats, to be most user-friendly and to run fast.
Read more
Radare2 – portable reversing framework
Radare2 is a portable reversing framework. It’s both a forensics tool and a debugger.
Read more
dcfldd – enhanced version of dd
dcfldd is an enhanced version of dd with features useful for forensics and security. dcfldd is free and open source software.
Read more