Forensic Tools

 These are tools for analyzing a breach in security in some way.  Typically they are used for collecting data about the breach after the fact, or analyzing software to see how it performs the attack.  Many reverse engineering tools will be listed here, as well as forensic recovery tools.

 

Other information about Forensic Tools

 

SysTools Software

MailXaminer is a comprehensive email examination tool to carry out a thorough analysis of a bunch of emails and their headers. With the help of this tool, forensicators can preview more than 20 email file types and perform advanced search operation within th ...

MailXaminer
Zynamics GmbH

Do you need to analyze multiple variations of essentially the same program? Do you need to understand the changes between two versions of a program? Are you trying to detect code theft? SABRE BinDiff uses a unique graph-theoretical approach to allow co ...

Agent Ransack is a free file search tool for finding files on your PC or network drives. It has a Lite mode, which is FREE for both personal and commercial use but also a Professional mode that includes optional pay-for features. First released in April ...

Agent Ransack

Process Monitor is a monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including ri ...

Magnet Forensics

Encrypted Disk Detector is a command-line tool that can quickly, and non-intrusively, check for encrypted volumes on a computer system during incident response. The decision can then be made to investigate further and determine whether a live acquisition ...

Encrypted Disk Detector
Free Software Foundation, Inc

GNU Parted is a program for creating, destroying, resizing, checking and copying partitions, and the file systems on them. This is useful for creating space for new operating systems, reorganising disk usage, copying data between hard disks and disk imagi ...

Kroll Ontrack Ltd

Ontrack PowerControls recovers individual mailboxes, messages and attachments without needing to restore the entire backup. Use the powerful search capability to rapidly find the items you need for eDiscovery and compliance. Versions for Exchange, ShareP ...

Ontrack PowerControls
Arne Vidstrom

PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process. This can be useful in a forensic investigation.

Sanderson Forensics Ltd.

Analyze Skype chat logs, contact lists and SMS messages with SkypeAlyzer, a forensic tool designed to work with both the old Skype database files (found in a series of .dbb files) and the newer Skype database files (main.db).

SkypeAlyzer
Oxygen Forensics

Oxygen Forensic Detective is an all-in-one forensic software platform built to extract, decode, and analyze data from multiple digital sources: mobile and IoT devices, device backups, UICC and media cards, drones, and cloud services. Oxygen Forensic® Dete ...

Oxygen Forensic Detective
Brian Carrier

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recov ...

Autopsy

MOBILedit Forensic is a phone extractor, data analyzer and report generator all in one solution. A powerful 64-bit application using both the physical and logical data acquisition methods, MOBILedit Forensic is excellent for advanced application analyzer, ...

MOBILedit Forensic
New Technologies Armor, Inc

NTI's forensic software tools are used in security reviews, internal audits and computer related investigations. Some of the tools are also used to identify and eliminate sensitive data leakage in classified government agencies. They are sold separately a ...

U.S. Department of Justice's National Institute of Justice (NIJ), and the National Institute of Standards and Technology (NIST)

The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by law enforcement, governmen ...

Mares and Company, LLC

Maresware: The Suite provides an essential set of tools for investigating computer records plus powerful data analysis capabilities. This bundled suite of over 40 separate, highly-targeted programs gives you the flexibility to accomplish a wide variety of ...

Filesig Software Solutions

Simple Carver Suite is a collection of unique tools designed for a number of purposes including but not limited to forensic computing, data recovery and eDiscovery. Simple Carver originally began as a single data recovery tool, a basic file carver which h ...

Simple Carver Suite
Michael Ahrendt

Triage-IR is a script written by Michael Ahrendt, which will collect system information, network information, registry hives, disk information and will also dump memory. One of the capabilities of Triage-IR is collecting information from Volume Shadow Cop ...

Triage-IR
Honeynet Project

A.R.E, the Android Reverse Engineering Virtual Machine. This VirtualBox-ready VM includes the latest Android malware analysis tools as follows: * Androguard * Android sdk/ndk * APKInspector * Apktool * Axmlprinter * Ded * Dex2jar * DroidBox * Ja ...

Lawfully access locked devices with ease. Bypass pattern, password or PIN locks and overcome encryption challenges quickly on popular Android and iOS devices. Support for the broadest range of devices. Collect data from mobile phones, drones, SIM Cards, SD ca ...

Cellebrite UFED

Nuix Evidence Mover is designed to copy evidence file images from one storage location to another. It creates a hash of the files before and after moving to ensure the data has been copied accurately, and to maintain the chain of custody.

Nuix Evidence Mover