A curated list of awesome free (mostly open source) forensic analysis tools and resources.
- DFIR – The definitive compendium project - Collection of forensic resources for learning and research. Offers lists of certifications, books, blogs, challenges and more
- dfir.training - Database of forensic resources focused on events, tools and more
- ForensicArtifacts.com Artifact Repository - A machine-readable knowledge base of forensic artifacts
- Forensics tools on Wikipedia
- Free computer forensic tools - Comprehensive list of free computer forensic tools
- bitscout - A LiveCD/LiveUSB for remote forensic acquisition and analysis
- deft - Linux distribution for forensic analysis
- dff - Forensic framework
- PowerForensics - PowerForensics is a framework for live disk forensic analysis
- The Sleuth Kit - Tools for low level forensic analysis
- grr - GRR Rapid Response: remote live forensics for incident response
- mig - Distributed & real time digital forensics at the speed of the cloud
- dc3dd - Improved version of dd
- dcfldd - Different improved version of dd (this version has some bugs!, another version is on github adulau/dcfldd)
- FTK Imager - Free imageing tool for windows
- Guymager - Open source version for disk imageing on linux systems
more at Malware Analysis List
- bstrings - Improved strings utility
- bulk_extractor - Extracts informations like email adresses, creditscard numbers and histrograms of disk images
- floss - Static analysis tool to automatically deobfuscate strings from malware binaries
- photorec - File carving tool
more at Malware Analysis List
- inVtero.net - High speed memory analysis framework developed in .NET supports all Windows x64, includes code integrity and write support.
- KeeFarce - Extract KeePass passwords from memory
- volatility - The memory forensic framework
- VolUtility - Web App for Volatility framework
more at Malware Analysis List, Forensicswiki's Tool List, awesome-pcaptools and Wireshark Tool and Script List
- SiLK Tools - SiLK is a suite of network traffic collection and analysis tools
- Wireshark - The network traffic analysis tool
more at Malware Analysis List
- FastIR Collector - Collect artifacts on windows
- FRED - A cross-platform microsoft registry hive editor
- MFT-Parsers - Comparison of MFT-Parsers
- MFTExtractor - MFT-Parser
- NTFS journal parser
- NTFS USN Journal parser
- RecuperaBit - Reconstruct and recover NTFS data
- python-ntfs - NTFS analysis
- chrome-url-dumper - Dump all local stored infromation collected by Chrome
- hindsight - Internet history forensics for Google Chrome/Chromium
- 0xED - Native hex editor for OS X
- Hexinator - Windows Version of Synalyze It!
- HxD - Small, fast hex editor for Windows
- iBored - Cross platform, sektor based hex editor
- Synalyze It! - Hex editor with templates for binary analysis
- wxHex Editor - Cross platform editor with file comparison
- CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
- DateDecode - Convert binary data into differnt kinds of date formats
- 010 Editor Templates - Templates for the 010 Editor
- Contruct formats - Parser for different file formats for the python construct package
- HFSPlus Grammars - HFS+ grammars for Synalysis
- Sleuth Kit file system grammars - Grammars for different file systems
- Synalyse It! Grammars - File type grammars for the Synalyze It! editor
- TestDisk grammars - Grammars used by TestDisk and PhotoRec
- WinHex Templates - Grammars for the WinHex editor and X-Ways
- aff4 - AFF4 is an alternative, fast file format
- imagemounter - Command line utility and Python package to ease the (un)mounting of forensic disk images
- libewf - Libewf is a library and some tools to access the Expert Witness Compression Format (EWF, E01)
- xmount - Convert between different disk image formats
- hashcat - Fast password cracker with GPU support
- John the Ripper - Password cracker
- Forensic challanges - Mindmap of forensic challanges
- Training material - Online training material by European Union Agency for Network and Information Security for different topics (e.g. Digital forensics, Network forensics)
- Digital Forensic Challenge Images - Two DFIR challanges with images
- Digital Forensics Tool Testing Images
- FAU Open Research Challenge Digital Forensics
- The CFReDS Project
- @4n6ist
- @4n6k
- @aheadless
- @AppleExaminer - Apple OS X & iOS Digital Forensics
- @blackbagtech
- @carrier4n6 - Brian Carrier, author of Autopsy and the Sleuth Kit
- @CindyMurph - Detective & Digital Forensic Examiner
- @forensikblog - Computer forensic geek
- @HECFBlog - SANS Certified Instructor
- @Hexacorn - DFIR+Malware
- @hiddenillusion
- @iamevltwin - Mac Nerd, Forensic Analyst, Author & Instructor of SANS FOR518
- @jaredcatkinson - PowerShell Forensics
- @maridegrazia - Computer Forensics Examiner
- @sleuthkit
- @williballenthin
- @XWaysGuide
- thisweekin4n6.wordpress.com - Weekly updates for forensics
- /r/computerforensics/ - Subreddit for computer forensics
- ForensicPosters - Posters of file system structures
- Android Security
- AppSec
- CTFs
- Hacking
- Honeypots
- Incident-Response
- Infosec
- Malware Analysis
- Pentesting
- Security
Pull requests and issues with suggestions are welcome!