Hoarder
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
Digital forensics for incident response. Uncover digital evidence to understand and resolve security breaches effectively.
A library and tools for accessing and analyzing the Linux Logical Volume Manager (LVM) volume system format.
Forensic imaging program with full hash authentication and various acquisition options.
A script for extracting common Windows artifacts from source images and VSCs with detailed dependencies and usage instructions.
A tool with advanced filtering capabilities for analyzing events based on time, path, weekday, and date.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.
A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.
Forensics tool for exploring offline Docker filesystems.
TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.
Tool for live forensics acquisition on Windows systems, collecting artefacts for early compromise detection.
A modified version of GNU dd with added features like hashing and fast disk wiping.
Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structures and increasing security measures.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
Collects and organizes Linux OS data for detailed analysis and incident response.
MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.
Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.
Magnet ACQUIRE offers robust data extraction capabilities for digital forensics investigations, supporting a wide range of devices.