Forensic Tools
These are tools for analyzing a breach in security in some way. Typically they are used for collecting data about the breach after the fact, or analyzing software to see how it performs the attack. Many reverse engineering tools will be listed here, as well as forensic recovery tools.
Other information about Forensic Tools
- 8 Articles for Learning Android Mobile Malware Analysis - by Lenny Zeltser of the ISC
Offline NT Password & Registry Editor, Bootdisk Featured
I've put together a single floppy or CD which contains things needed to edit the passwords on most systems. The bootdisk supports standard (dual) IDE controllers, and most SCSI controllers with the drivers supplied in a separate archive. It does not need ...
BinDiff
Do you need to analyze multiple variations of essentially the same program? Do you need to understand the changes between two versions of a program? Are you trying to detect code theft? SABRE BinDiff uses a unique graph-theoretical approach to allow co ...
Simple Carver Suite
Simple Carver Suite is a collection of unique tools designed for a number of purposes including but not limited to forensic computing, data recovery and eDiscovery. Simple Carver originally began as a single data recovery tool, a basic file carver which h ...
AIR - Automated Image and Restore
AIR is a GUI front-end to dd/dc3dd designed for easily creating forensic images. by Steve Gibson and Nanni Bassetti Features: * auto-detection of IDE and SCSI drives, CD-ROMs, and tape drives * choice of using either dd or dc3dd (Note: dc3d ...
Autopsy
The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in The Sleuth Kit. Together, they allow you to investigate the file system and volumes of a computer. They can analyze Windows and UNIX disks and file s ...
Rifiuti
A Recycle Bin Forensic Analysis Tool. Many important files within Microsoft Windows have structures that are undocumented. One of the principles of computer forensics is that all analysis methodologies must be well documented and repeatable, and they m ...
Scalpel
Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitio ...
log2timeline
log2timeline is a framework for automatic creation of a super timeline. The main purpose is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a timeli ...
SkypeAlyzer
Analyse Skype chat logs, contacts lists, SMS messages with SkypeAlyzer, a forensics tool designed to work with both the old Skype database files – found in a series of .dbb files and the newer Skype database files (main.db). Use Skype ...
Curuncula
Curuncula is a tool shipped as a loadable kernel module that aims to detect rootkits based on the Intel debugging support facilities. Rootkits that set the GD access flag are also detected. It makes use of the "last branch recording" mechanism provided by ...
ByteBack
The standard in low-level applications for forensics and recovery has always been ByteBack. Now with version 4, we're even better. The addition of UDMA, ATA & SATA support, with memory management and greater ease and control of Partition and MBR manipulat ...
History Reader for IE 5.x and 6.x
History Reader reads all information in the complete history database and presents you a list, either in chronological or alphabetical order. Furthermore, you can open any URL in Internet Explorer, add URLs to Favorites, copy URLs, print out or save the ...
CD/DVD Diagnostic
CD/DVD Inspector reads all major CD and DVD filesystem formats including ISO-9660, Joliet, UDF, HFS and HFS+. When the disc being examined contains more than a single filesystem, all filesystems found are displayed. Multiple filesystems are present for hy ...
dtSearch
Provides over two dozen indexed and unindexed text search options for all popular file types. Supports full-text as well as field searching in all supported file types. Has multiple relevancy-ranking and other search sorting options. dtSearch can instantl ...
hackman
Hackman 7 is a freeware hex editor and disassembler. It comes with cryptography capabilities, decoding with ready and self-made algorithms and a fully-featured editor. You can edit virtually any file, disk, ZIP drive, Ram Drive, Smart Media, Compact Flash ...
Hex Workshop
The Hex Workshop Hex Editor is a set of hexadecimal development tools for Microsoft Windows, combining advanced binary editing with the ease and flexibility of a word processor. With Hex Workshop you can edit, cut, copy, paste, insert, and delete hex, pri ...
KaZAlyser
Note: 10-12-2010 I have decided to release my old program KaZAlyser as unsupported software as I still get the very occasional request for it. KaZAlyser is the successor to the popular P2PView KaZaA/Morpheus database viewer. KaZAlyser provides signifi ...
Passware Kit
Keep this life-saving tool handy to recover forgotten passwords quickly whenever needed. Key Benefits * 7 password recovery modules for MS Word, Excel, Windows, Outlook Express, and more, combined in one tool * Instantly previews password-p ...
Secret Explorer
Using Secret Explorer you will be able to locate hidden information in any Windows-based system. This includes form AutoComplete data offered by Internet Explorer every time you enter something into a form on a web page; various Internet passwords: passw ...
E-mail Examiner
Forensically examine the most popular e-mail formats such as America Online (AOL), Outlook Exchange (PST), Eudora, and many others. Paraben's E-mail Examiner is one of the most comprehensive forensically sound e-mail examination tools available. E-mail ...


