forensic



Packages that are used to find data on physical disks or embedded memory.

Tool count: 204

Name Version Description Category Website
aesfix 1.0.1 A tool to find AES key in RAM forensic cracker
aeskeyfind 1.0 A tool to find AES key in RAM forensic cracker
afflib 3.7.19 An extensible open format for the storage of disk images and related forensic information. forensic
aimage 3.2.5 A program to create aff-images. forensic
air 2.0.0 A GUI front-end to dd/dc3dd designed for easily creating forensic images. forensic
analyzemft 133.b6ed04f Parse the MFT file from an NTFS filesystem. forensic
analyzepesig 0.0.0.5 Analyze digital signature of PE file. windows binary forensic
androick 8.522cfb4 A Python tool to help in forensic analysis on Android. mobile forensic
atstaketools 0.1 This is an archive of various @Stake tools that help perform vulnerability scanning and analysis, information gathering, password auditing, and forensics. windows scanner forensic cracker sniffer recon
autopsy 1:4.21.0 A GUI for The Sleuth Kit. forensic
bios_memimage 1.2 A tool to dump RAM contents to disk (aka cold boot attack). cracker forensic
bmap-tools 3.7 Tool for copying largely sparse files using information from a block map file. forensic
bmc-tools 25.c66a657 RDP Bitmap Cache parser. forensic sniffer
bulk-extractor 1562.1c67a75 Bulk Email and URL extraction tool. forensic misc
canari 3.3.10 A transform framework for maltego forensic recon scanner
captipper 74.3fb2836 Malicious HTTP traffic explorer tool. forensic malware sniffer
casefile 1.0.1 The little brother to Maltego without transforms, but combines graph and link analysis to examine links between manually added data to mind map your information forensic recon scanner
chainsaw v2.7.3.r6.g5d908fd A powerful ‘first-response’ capability to quickly identify threats within Windows event logs. defensive forensic windows
chaosmap 1.3 An information gathering tool and dns / whois / web server scanner forensic scanner recon
chipsec 5:1.13.8.r4.g0b31cc6 Framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. hardware binary forensic scanner fuzzer
chkrootkit 0.58b Checks for rootkits on a system defensive forensic
chntpw 140201 Offline NT Password Editor - reset passwords in a Windows NT SAM user database file forensic cracker
chromefreak 24.12745b1 A Cross-Platform Forensic Framework for Google Chrome forensic
chromensics 1.0 A Google chrome forensics tool. windows forensic
dc3dd 7.2.646 A patched version of dd that includes a number of features useful for computer forensics. forensic
dcfldd 1.7.1 DCFL (DoD Computer Forensics Lab) dd replacement with hashing forensic
ddrescue 1.28 A data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying to rescue the good parts first in case of read errors. forensic
dff 183.d40d46b A Forensics Framework coming with command line and graphical interfaces. forensic
dfir-ntfs 1.1.19 An NTFS parser for digital forensics & incident response. forensic
dftimewolf 748.beef35f4 Framework for orchestrating forensic collection, processing and data export. forensic
disitool 0.4 Tool to work with Windows executables digital signatures. forensic
dmde 4.2.2.816 Disk Editor and Data Recovery Software. forensic
dmg2img 1.6.7 Convert (compressed) Apple Disk Images. A CLI tool to uncompress Apple's compressed DMG files to the HFS+ IMG format. misc forensic
dshell 142.695c891 A network forensic analysis framework. forensic networking
dumpzilla 03152013 A forensic tool for firefox. forensic
eindeutig 20050628_1 Examine the contents of Outlook Express DBX email repository files (forensic purposes) forensic
emldump 0.0.11 Analyze MIME files. forensic
evtkit 8.af06db3 Fix acquired .evt - Windows Event Log files (Forensics). forensic windows
exiflooter 39.0c9535f Find geolocation on all image urls and directories also integrates with OpenStreetMap. forensic
exiv2 0.27.2 Exif, Iptc and XMP metadata manipulation library and tools forensic defensive
extractusnjrnl 7.362d4290 Tool to extract the $UsnJrnl from an NTFS volume. forensic windows
extundelete 0.2.4 Utility for recovering deleted files from ext2, ext3 or ext4 partitions by parsing the journal forensic
firefox-decrypt 1.1.1.r5.g8a5fdeb Extract passwords from Mozilla Firefox, Waterfox, Thunderbird, SeaMonkey profiles. forensic
foremost 1.5.7 A console program to recover files based on their headers, footers, and internal data structures forensic
fridump 23.3e64ee0 A universal memory dumper using Frida. forensic
fs-nyarl 1.0 A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit. scanner networking forensic spoof exploitation sniffer
galleta 20040505_1 Examine the contents of the IE's cookie files for forensic purposes forensic
grokevt 0.5.0 A collection of scripts built for reading Windows NT/2K/XP/2K eventlog files. forensic
guymager 0.8.13 A forensic imager for media acquisition. forensic
hashdb 1089.1da1b9f A block hash toolkit. crypto forensic misc
hashdeep 4.4 Advanced checksum hashing tool. forensic
haystack 1823.c178b5a A Python framework for finding C structures from process memory - heap analysis - Memory structures forensics. binary forensic
imagemounter 413.383b30b Command line utility and Python package to ease the (un)mounting of forensic disk images. forensic misc
indx2csv 17.129a411e An advanced parser for INDX records. forensic windows
indxcarver 5.dee36608 Carve INDX records from a chunk of data. forensic windows
indxparse 198.a977192 A Tool suite for inspecting NTFS artifacts. forensic
interrogate 5.eb5f071 A proof-of-concept tool for identification of cryptographic keys in binary material (regardless of target operating system), first and foremost for memory dump analysis and forensic usage. forensic cracker
iosforensic 1.0 iOS forensic tool https://www.owasp.org/index.php/Projects/OWASP_iOSForensic forensic mobile
ipba2 1:95.c03bd85 IOS Backup Analyzer forensic
iphoneanalyzer 2.1.0 Allows you to forensically examine or recover data from an iOS device. forensic mobile
jefferson v0.4.5.r0.g96dd903 JFFS2 filesystem extraction tool. forensic reversing
jpegdump 0.0.7 Tool to analyze JPEG images. Reads binary files and parses the JPEG markers inside them. binary forensic
lazagne 875.9da4b87 An open source application used to retrieve lots of passwords stored on a local computer. forensic social
ldsview 47.d8bfcaa Offline search tool for LDAP directory dumps in LDIF format. forensic
lfle 24.f28592c Recover event log entries from an image by heuristically looking for record structures. forensic
libfvde 207.03f12f5 Library and tools to access FileVault Drive Encryption (FVDE) encrypted volumes. forensic
limeaide 305.ce3c9b7 Remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host. forensic
log-file-parser 60.c7a0ae7e Parser for $LogFile on NTFS. forensic windows
loki-scanner 1255.687e211 Simple IOC and Incident Response Scanner. forensic scanner
mac-robber 1.02 A digital investigation tool that collects data from allocated files in a mounted file system. forensic
magicrescue 1.1.9 Find and recover deleted files on block devices forensic
make-pdf 0.1.7 This tool will embed javascript inside a PDF document. forensic
malheur 0.5.4 A tool for the automatic analysis of malware behavior. forensic malware
maltego 4.8.1 An open source intelligence and forensics application that makes it easy to gather information about DNS, domains, IP addresses, websites, persons, etc. forensic recon scanner
malwaredetect 0.1 Submits a file's SHA1 sum to VirusTotal to determine whether it is a known piece of malware forensic malware
mboxgrep 0.7.9 A small, non-interactive utility that scans mail folders for messages matching regular expressions. It does matching against basic and extended POSIX regular expressions, and reads and writes a variety of mailbox formats. forensic
mdbtools 738.823b32f Utilities for viewing data and exporting schema from Microsoft Access Database files. forensic
memdump 1.01 Dumps system memory to stdout, skipping over holes in memory maps. forensic
memfetch 0.05b Dumps any userspace process memory without affecting its execution. forensic
memimager 1.0 Performs a memory dump using NtSystemDebugControl. windows forensic
mft2csv 40.164eb224 Extract $MFT record info and log it to a csv file. forensic windows
mftcarver 9.7bfcc0a2 Carve $MFT records from a chunk of data (for instance a memory dump). forensic windows
mftrcrd 16.35c3ac2f Command line $MFT record decoder. forensic windows
mftref2name 6.7df9eebb Resolve file index number to name or vice versa on NTFS. A simple tool that just converts MFT reference number to file name and path, or the other way around. forensic windows
mimipenguin 152.880a427 A tool to dump the login password from the current Linux user. forensic cracker
mobiusft 1.12 An open-source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. forensic
mp3nema 0.4 A tool aimed at analyzing and capturing data that is hidden between frames in an MP3 file or stream, otherwise noted as "out of band" data. forensic
ms-sys 2.8.0 A tool to write Win9x-.. master boot records (mbr) under linux - RTM! backdoor binary forensic
munin-hashchecker 239.95b046d Online hash checker for Virustotal and other services defensive forensic
mxtract 90.0b34376 Memory Extractor & Analyzer. forensic
myrescue 0.9.8 A hard disk recovery tool that reads undamaged regions first. forensic
naft 0.0.9 Network Appliance Forensic Toolkit. forensic
netspionage 99.c24f995 Network Forensics CLI utility that performs Network Scanning, OSINT, and Attack Detection. forensic recon scanner
networkminer 2.9 A Network Forensic Analysis Tool for advanced Network Traffic Analysis, sniffer and packet analyzer. forensic sniffer
nfex 2.5 A tool for extracting files from the network in real-time or post-capture from an offline tcpdump pcap savefile. forensic networking
ntdsxtract 34.7fa1c8c Active Directory forensic framework. forensic
ntfs-file-extractor 6.f2b23d72 Extract files off NTFS. forensic windows
ntfs-log-tracker 1:1.6 This tool can parse $LogFile, $UsnJrnl of NTFS. forensic windows
oletools 1:0.54.1 Tools to analyze Microsoft OLE2 files. binary forensic
parse-evtx 3.a4b02b9 A tool to parse the Windows XML Event Log (EVTX) format. forensic
pasco 20040505_1 Examines the contents of Internet Explorer's cache files for forensic purposes forensic
pcapfex 60.c51055a Packet CAPture Forensic Evidence eXtractor. networking forensic
pcapxray 274.1721645 A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction. forensic networking
pdblaster 4.fc8abb3 Extract PDB file paths from large sample sets of executable files. forensic malware
pdf-parser 0.7.9 Parses a PDF document to identify the fundamental elements used in the analyzed file. forensic
pdfbook-analyzer 1:2 Utility for Facebook memory forensics. forensic
pdfid 0.2.8 Scan a file to look for certain PDF keywords. forensic
pdfresurrect 0.12 A tool aimed at analyzing PDF documents. forensic
peepdf 0.4.2 A Python tool to explore PDF files in order to find out if the file can be harmful or not forensic malware
periscope 3.2 A PE file inspection tool. windows forensic binary
perl-image-exiftool 13.03 Reader and rewriter of EXIF information that supports raw files forensic defensive
pev 0.81 Command line based tool for PE32/PE32+ file analysis. forensic reversing
pextractor 0.18b A forensics tool that can extract all files from an executable file created by a joiner or similar. windows forensic binary
pmdump 1.2 A tool that lets you dump the memory contents of a process to a file without stopping the process. windows forensic
pngcheck 3.0.3 Verifies the integrity of PNG, JNG and MNG files by checking the CRCs and decompressing the image data. stego defensive forensic
powermft 5.76574543 Powerful commandline $MFT record editor. forensic windows
python-acquire 3.17.r1.gc284e87 Quickly gather forensic artifacts from disk images or a live system into a lightweight container. forensic
python-dissect.archive 1.4.r0.gd433633 A Dissect module implementing parsers for various archive and backup formats. forensic
python-dissect.btrfs 1.6.r0.gfe4bbda A Dissect module implementing a parser for the btrfs file system. forensic
python-dissect.cim 3.10.r0.g4d1effc A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system. forensic
python-dissect.clfs 1.9.r0.gd3e3b7f A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows. forensic
python-dissect.cstruct 4.3.r0.ged1daf2 A Dissect module implementing a parser for C-like structures. forensic
python-dissect.esedb 3.14.r0.gb052185 A Dissect module implementing a parser for Microsoft's Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update. forensic
python-dissect.etl 3.10.r0.g23354d6 A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events. forensic
python-dissect.eventlog 3.9.r0.g97fdfd7 A Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats. forensic
python-dissect.evidence 3.10.r0.g852ced4 A Dissect module implementing parsers for various forensic evidence file containers, currently: AD1, ASDF and EWF. forensic
python-dissect.executable 1.7.r0.g7bf4930 A Dissect module implementing parsers for various executable formats such as PE, ELF and Mach-O. forensic
python-dissect.extfs 3.12.r0.g9b0df29 A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems. forensic
python-dissect.fat 3.11.r0.gfe9d7dc A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions. forensic
python-dissect.ffs 3.10.r0.g498cb70 A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems. forensic
python-dissect.fve 4.0.r0.g39523e4 A Dissect module implementing parsers for full volume encryption implementations, currently Microsoft's Bitlocker Disk Encryption (BDE) and Linux Unified Key Setup (LUKS1 and LUKS2). forensic
python-dissect.hypervisor 3.16.r1.g54a733b A Dissect module implementing parsers for various hypervisor disk, backup and configuration files. forensic
python-dissect.jffs 1.3.r1.gf93add9 A Dissect module implementing a parser for the JFFS2 file system, commonly used by router operating systems. forensic
python-dissect.ntfs 3.13.r0.gef5529b A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system. forensic
python-dissect.ole 3.9.r0.ge21455d A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems. forensic
python-dissect.regf 3.11.r0.g94b58df A Dissect module implementing a parser for Windows registry file format, used to store application and OS configuration on Windows operating systems. forensic
python-dissect.shellitem 3.10.r0.g975a812 A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows. forensic
python-dissect.sql 3.10.r0.g863d97e A Dissect module implementing a parser for the SQLite database file format, commonly used by applications to store configuration data. forensic
python-dissect.squashfs 1.8.r0.g16bc3de A Dissect module implementing a parser for the SquashFS file system. forensic
python-dissect.target 3.20.1.r14.g6770095 The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets). forensic
python-dissect.thumbcache 1.9.r0.gc38995e A Dissect module implementing a parser for Windows thumbcache. forensic
python-dissect.util 3.19.r0.g2a9439e A Dissect module implementing various utility functions for the other Dissect modules. forensic
python-dissect.vmfs 3.10.r0.g13e1c48 A Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software. forensic
python-dissect.volume 3.13.r0.gdd3b289 A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR. forensic
python-dissect.xfs 3.11.r0.g5e2c336 A Dissect module implementing a parser for the XFS file system, commonly used by RedHat Linux distributions. forensic
python-flow.record 3.18.r2.gb91f216 Recordization library. forensic
python-oletools 1:0.60.2 Tools to analyze Microsoft OLE2 files. binary forensic
python-rekall 1396.041d6964 Memory Forensic Framework. forensic
python2-oletools 1:0.60.2 Tools to analyze Microsoft OLE2 files. binary forensic
python2-peepdf 0.4.2 A Python tool to explore PDF files in order to find out if the file can be harmful or not. forensic malware
python2-rekall 1396.041d6964 Memory Forensic Framework. forensic
rcrdcarver 5.54507d21 Carve RCRD records ($LogFile) from a chunk of data. forensic windows
recentfilecache-parser 2.5e22518 Python parser for the RecentFileCache.bcf on Windows. forensic
recoverdm 0.20 Recover damaged CD DVD and disks with bad sectors. forensic
recoverjpeg 2.6.3 Recover jpegs from damaged devices. forensic
recuperabit 77.c6f8678 A tool for forensic file system reconstruction. forensic
regipy 2.2.2 Library for parsing offline registry hives. forensic
reglookup 1.0.1 Command line utility for reading and querying Windows NT registries forensic
regreport 1.6 Windows registry forensic analysis tool. windows forensic
regripper 109.bdf7ac2 Open source forensic software used as a Windows Registry data extraction command line or GUI tool. forensic
regrippy 2.0.0 Framework for reading and extracting useful forensics data from Windows registry hives. forensic
regview 1.3 Open raw Windows NT 5 Registry files (Windows 2000 or higher). windows forensic
rekall 1409.55d1925f Memory Forensic Framework. forensic
replayproxy 1.1 Forensic tool to replay web-based attacks (and also general HTTP traffic) that were captured in a pcap file. forensic proxy
rifiuti2 1:0.7.0 A rewrite of rifiuti, a great tool from Foundstone folks for analyzing Windows Recycle Bin INFO2 file. forensic recon
rkhunter 1.4.6 Checks machines for the presence of rootkits and other unwanted tools. forensic defensive
rsakeyfind 1.0 A tool to find RSA key in RAM. cracker forensic
safecopy 1.7 A disk data recovery tool to extract data from damaged media. forensic
scalpel 1:1.1687261 A frugal, high performance file carver forensic
scrounge-ntfs 0.9 Data recovery program for NTFS file systems forensic
secure2csv 10.119eefb0 Decode security descriptors in $Secure on NTFS. forensic windows
shadowexplorer 0.9 Browse the Shadow Copies created by the Windows Vista / 7 / 8 / 10 Volume Shadow Copy Service. forensic windows
skypefreak 33.9347a65 A Cross Platform Forensic Framework for Skype. forensic
sleuthkit 4.12.1 File system and media management forensic analysis tools forensic
snort 2.9.20 A lightweight network intrusion detection system. defensive networking forensic
stegdetect 20.28a4f07 An automated tool for detecting steganographic content in images. stego defensive forensic
stenographer 486.355604b A packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. sniffer networking forensic
stringsifter 39.33c0cd5 Machine learning tool that automatically ranks strings based on their relevance for malware analysis. binary forensic
swap-digger 51.4d18ce0 A tool used to automate Linux swap analysis during post-exploitation or forensics. forensic
syft 814.5e5312c A CLI tool and go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. forensic
tchunt-ng 208.b8cf7fc Reveal encrypted files stored on a filesystem. forensic crypto
tekdefense-automater 88.42548cf IP URL and MD5 OSINT Analysis forensic
tell-me-your-secrets 1:v2.4.2.r3.g5434b9d Find secrets on any machine from over 120 Different Signatures. code-audit forensic
testdisk 7.2 Checks and undeletes partitions + PhotoRec, signature based recovery tool forensic
thumbcacheviewer 1.0.3.7 Extract Windows thumbcache database files. forensic windows
trid 2.24 A utility designed to identify file types from their binary signatures. forensic binary
truehunter 14.0a2895d Detect TrueCrypt containers using a fast and memory efficient approach. forensic
unblob 24.12.4.r39.gc85a984 Extract files from any kind of container formats. forensic reversing
undbx 0.21.r3.g5e31c75 Extract e-mail messages from Outlook Express DBX files. forensic
unhide 20220611 A forensic tool to find processes hidden by rootkits, LKMs or by other techniques. forensic
usbrip 291.5093c84 USB device artifacts tracker. forensic
usnjrnl2csv 29.1ecbddc Parser for $UsnJrnl on NTFS. forensic windows
usnparser 4.1.5 A Python script to parse the NTFS USN journal. forensic windows
vinetto 0.07beta A forensics tool to examine Thumbs.db files forensic
vipermonkey 1160.511ecd5 A VBA parser and emulation engine to analyze malicious macros. forensic malware
volafox 143.5b42987 Mac OS X Memory Analysis Toolkit. forensic binary
volatility 2.6.1 Advanced memory forensics framework forensic
volatility-extra 92.d9fc072 Volatility plugins developed and maintained by the community. forensic
volatility3 2.7.0 Advanced memory forensics framework forensic
windows-prefetch-parser 88.bc1fa58 Parse Windows Prefetch files. forensic
wmi-forensics 11.0ab08dc Scripts used to find evidence in WMI repositories. forensic
wyd 0.2 Gets keywords from personal files. IT security/forensic tool. cracker forensic
xplico 1:1.2.2 Internet Traffic Decoder. Network Forensic Analysis Tool (NFAT). forensic networking
zipdump 0.0.21 ZIP dump utility. forensic