A curated list of awesome forensic analysis tools and resources
fiuderazes/awesome-forensics
Awesome Forensics

A curated list of awesome free (mostly open source) forensic analysis tools and resources.

Collections

Tools

Distributions

  • bitscout - A LiveCD/LiveUSB for remote forensic acquisition and analysis
  • deft - Linux distribution for forensic analysis

Frameworks

  • dff - Forensic framework
  • PowerForensics - PowerForensics is a framework for live disk forensic analysis
  • The Sleuth Kit - Tools for low level forensic analysis

Live forensics

  • grr - GRR Rapid Response: remote live forensics for incident response
  • mig - Distributed & real time digital forensics at the speed of the cloud

Imaging

  • dc3dd - Improved version of dd
  • dcfldd - Different improved version of dd (this version has some bugs; another version is on GitHub at adulau/dcfldd)
  • FTK Imager - Free imaging tool for Windows
  • Guymager - Open source disk imaging tool for Linux systems

Carving

more at Malware Analysis List

  • bstrings - Improved strings utility
  • bulk_extractor - Extracts information such as email addresses, credit card numbers and histograms from disk images
  • floss - Static analysis tool to automatically deobfuscate strings from malware binaries
  • photorec - File carving tool

Memory Forensics

more at Malware Analysis List

  • inVtero.net - High speed memory analysis framework developed in .NET; supports all Windows x64 and includes code integrity and write support
  • KeeFarce - Extract KeePass passwords from memory
  • volatility - The memory forensic framework
  • VolUtility - Web App for Volatility framework

Network Forensics

more at Malware Analysis List, Forensicswiki's Tool List, awesome-pcaptools and Wireshark Tool and Script List

  • SiLK Tools - SiLK is a suite of network traffic collection and analysis tools
  • Wireshark - The network traffic analysis tool

Windows Artifacts

more at Malware Analysis List

OS X Forensics

Internet Artifacts

  • chrome-url-dumper - Dump all locally stored information collected by Chrome
  • hindsight - Internet history forensics for Google Chrome/Chromium

Hex Editors

  • 0xED - Native hex editor for OS X
  • Hexinator - Windows Version of Synalyze It!
  • HxD - Small, fast hex editor for Windows
  • iBored - Cross platform, sector based hex editor
  • Synalyze It! - Hex editor with templates for binary analysis
  • wxHex Editor - Cross platform editor with file comparison

Binary Converter

  • CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
  • DateDecode - Convert binary data into different kinds of date formats

File Grammars

Disk image handling

  • aff4 - AFF4 is an alternative, fast file format
  • imagemounter - Command line utility and Python package to ease the (un)mounting of forensic disk images
  • libewf - Libewf is a library and some tools to access the Expert Witness Compression Format (EWF, E01)
  • xmount - Convert between different disk image formats

Decryption

Learn forensics

CTFs

Resources

File System Corpora

Twitter

Blogs

Other

Related Awesome Lists

Pull requests and issues with suggestions are welcome!
