| # | Category | Tool | Platform | Description |
|---|---|---|---|---|
| 1 | Disk Imaging | dd | Linux, macOS | Basic command-line tool for creating bit-for-bit copies of disks. |
| 2 | Disk Imaging | dcfldd | Linux, macOS | An enhanced version of dd, with features like hashing on-the-fly. |
| 3 | Disk Imaging | FTK Imager | Windows, Linux | Comprehensive imaging tool; supports disk imaging, preview, and export of data. |
| 4 | Disk Imaging | OSFMount | Windows | Mounts disk images and supports various image formats. |
| 5 | Disk Imaging | Disk Arbitrator | macOS | Ensures correct forensic procedures during disk imaging on macOS. |
| 6 | Memory Analysis | Volatility Framework | All | Python-based framework for analyzing RAM dumps to detect malware and trace system activity. |
| 7 | Memory Analysis | LiME | Linux | Kernel module for live memory acquisition on Linux systems. |
| 8 | Memory Analysis | Magnet RAM Capture | Windows | Free tool for capturing physical memory. |
| 9 | Memory Analysis | Belkasoft RAM Capturer | Windows | Another tool for volatile memory acquisition. |
| 10 | File Analysis | Autopsy | All | GUI for The Sleuth Kit, providing a broad range of forensic analysis functions. |
| 11 | File Analysis | The Sleuth Kit | All | Command-line tools for analyzing volume and file systems. |
| 12 | File Analysis | Bulk Extractor | All | Scans disk images for specific types of data; useful for extracting hidden information. |
| 13 | File Analysis | Binwalk | All | Tool for analyzing, reverse engineering, and extracting firmware images. |
| 14 | File Analysis | Hex Editor Neo | All | Hex editor for binary data analysis. |
| 15 | File Analysis | ExifTool | All | Reads, writes, and edits metadata in a wide variety of file types. |
| 16 | Network Forensics | Wireshark | All | Network protocol analyzer for live packet capture and offline analysis. |
| 17 | Network Forensics | NetworkMiner | Windows, Linux, macOS | Network forensic analysis tool that extracts artifacts from network traffic. |
| 18 | Network Forensics | TCPdump | Linux, macOS | Command-line packet analyzer for capturing network traffic. |
| 19 | Registry Analysis | RegRipper | Windows | Tool for parsing Windows Registry hives. |
| 20 | Registry Analysis | RegRippy | Windows | Framework for reading and extracting data from Windows Registry hives. |
| 21 | Live Forensics | SIFT (SANS) | Linux | Ubuntu-based live system for forensic investigations; includes many forensic tools. |
| 22 | Live Forensics | PALADIN | Linux | Ubuntu-based live distribution for digital forensics with numerous pre-installed tools. |
| 23 | Live Forensics | CAINE | Linux | Live Linux distribution focused on digital forensics; includes over 80 tools. |
| 24 | Live Forensics | Kali Linux | Linux | Debian-based distribution with a suite of tools for forensics, penetration testing, and security assessments. |
| 25 | Mobile Forensics | Andriller | Windows, Linux | Collection of tools for Android forensic acquisition and analysis. |
| 26 | Mobile Forensics | iOS Forensic Toolkit | Windows, macOS, Linux | Tools for iOS device forensic analysis, available in different OS flavors. |
| 27 | Mobile Forensics | UFADE | Linux, macOS | Extracts files from iOS devices and creates backups. |
| 28 | Artifact Collection | UAC | All | Unix-like Artifacts Collector for various Unix-like systems. |
| 29 | Artifact Collection | Recon | All | Performance-oriented file finder with support for YARA rules and SQL querying. |
| 30 | Artifact Collection | ArtifactCollector | All | Customizable agent to collect forensic artifacts across different operating systems. |
| 31 | Artifact Collection | ArtifactExtractor | Windows | Extracts common Windows artifacts from disk images or Volume Shadow Copies. |
| 32 | Artifact Collection | DSi USB Write Blocker | Windows | Hardware tool to prevent writes to USB devices during forensic examination. |
| 33 | Artifact Collection | USB Historian | Windows | Parses USB information from the Windows Registry for forensic analysis. |
| 34 | Artifact Collection | mac_apt | macOS | Digital forensics tool for macOS; extracts data from disk images or live machines. |
| 35 | Artifact Collection | OSXCollector | macOS | Forensic evidence collection toolkit for macOS. |
| 36 | Timeline Analysis | Plaso | All | Generates super timelines from various data sources for chronological event analysis. |
| 37 | Timeline Analysis | log2timeline | All | Creates timelines from various log formats for forensic analysis. |
| 38 | Malware Analysis | YARA | All | Tool for identifying and classifying malware based on rules. |
| 39 | Malware Analysis | Ghiro | All | Automated tool for digital image forensics, particularly useful for malware analysis. |
| 40 | Malware Analysis | FLOSS | All | Static analysis tool to deobfuscate strings from malware binaries. |