
Forensic Tools

These are tools for analyzing a security breach. Typically they are used to collect data about the breach after the fact, or to analyze software to see how it performs the attack. Many reverse engineering tools will be listed here, as well as forensic recovery tools.

 

Other information about Forensic Tools

 

SysTools Software

MailXaminer is a comprehensive email examination tool to carry out a thorough analysis of a bunch of emails and their headers. With the help of this tool, forensicators can preview more than 20 email file types and perform advanced search operation within th ...

MailXaminer
Zynamix GmbH
Commercial
Pricing Model

Do you need to analyze multiple variations of essentially the same program? Do you need to understand the changes between two versions of a program? Are you trying to detect code theft? SABRE BinDiff uses a unique graph-theoretical approach to allow co ...

Commercial
Pricing Model

CD/DVD Inspector reads all major CD and DVD filesystem formats including ISO-9660, Joliet, UDF, HSG, HFS and HFS+. When the disc being examined contains more than a single filesystem, all filesystems found are displayed. Multiple filesystems a ...

CD/DVD Inspector
dtSearch Corp.

Provides over two dozen indexed and unindexed text search options for all popular file types. Supports full-text as well as field searching in all supported file types. Has multiple relevancy-ranking and other search sorting options. dtSearch can instantl ...

TechnoLogismiki
Freeware
Pricing Model

Hackman 7 is a freeware hex editor and disassembler. It comes with cryptography capabilities, decoding with ready and self-made algorithms and a fully-featured editor. You can edit virtually any file, disk, ZIP drive, Ram Drive, Smart Media, Compact Flash ...

Hackman
BreakPoint Software, Inc.

The Hex Workshop Hex Editor is a set of hexadecimal development tools for Microsoft Windows, combining advanced binary editing with the ease and flexibility of a word processor. With Hex Workshop you can edit, cut, copy, paste, insert, and delete hex, pri ...

Commercial
Pricing Model

Keep this life-saving tool handy to recover forgotten passwords quickly whenever needed. Key Benefits 7 password recovery modules for MS Word, Excel, Windows, Outlook Express, and more, combined in one tool Instantly previews password-protected MS Wo ...

LastBit Software

Using Secret Explorer you will be able to locate hidden information in any Windows-based system. This includes form AutoComplete data offered by Internet Explorer every time you enter something into a form on a web page; various Internet passwords: passw ...

Secret Explorer
Mares and Company, LLC
COMMERCIAL
Pricing Model

Maresware: The Suite provides an essential set of tools for investigating computer records plus powerful data analysis capabilities. This bundled suite of over 40 separate, highly-targeted programs gives you the flexibility to accomplish a wide variety of ...

U.S. Department of Justice's National Institute of Justice (NIJ), and the National Institute of Standards and Technology (NIST)
COMMERCIAL
Pricing Model

The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by law enforcement, governmen ...

New Technologies Armor, Inc
COMMERCIAL
Pricing Model

NTI's forensic software tools are used in security reviews, internal audits and computer related investigations. Some of the tools are also used to identify and eliminate sensitive data leakage in classified government agencies. They are sold separately a ...

sysinternals/Mark Russinovich
Freeware
Pricing Model

The tools included in the PsTools suite, which are downloadable individually or as a package, are: PsExec - execute processes remotely, PsFile - shows files opened remotely, PsGetSid - display the SID of a computer or a user, PsKill - kill processes by na ...

Craig Wilson
COMMERCIAL
Pricing Model

NetAnalysis will automatically rebuild HTML web pages from an extracted cache, automatically adding the correct location of the graphics allowing you to view the page as the suspect did. NetAnalysis also allows you to easily view JPEG and other pictures t ...

Pangeia Informatica
GPL
Pricing Model

chkrootkit: shell script that checks system binaries for rootkit modification. 45 rootkits, worms and LKMs are currently detected. The following tests are made: aliens asp bindshell lkm rexedcs sniffer wted scalper slapper z2 amd basename biff chfn chsh ...

Special Agent Jesse Kornblum
Freeware
Pricing Model

Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or ...

Special Agent Jesse Kornblum
Freeware
Pricing Model

md5deep is a set of programs to compute MD5, SHA-1, SHA-256, Tiger, or Whirlpool message digests on an arbitrary number of files. md5deep is similar to the md5sum program found in the GNU Coreutils package, but has the following additional features: Re ...

Arne Vidstrom
FREEWARE
Pricing Model

PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process. This can be useful in a forensic investigation.

Kroll Ontrack Ltd
Commercial
Pricing Model

Ontrack PowerControls recovers individual mailboxes, messages and attachments without needing to restore the entire backup. Use the powerful search capability to rapidly find the items you need for eDiscovery and compliance. Versions for Exchange, ShareP ...

Ontrack PowerControls
Free Software Foundation, Inc
GPL
Pricing Model

GNU Parted is a program for creating, destroying, resizing, checking and copying partitions, and the file systems on them. This is useful for creating space for new operating systems, reorganising disk usage, copying data between hard disks and disk imagi ...

Brian Carrier
FREEWARE
Pricing Model

mac-robber is a digital investigation tool that collects data from allocated files in a mounted file system. This is useful during incident response when analyzing a live system or when analyzing a dead system in a lab. The data can be used by the mactime ...
