Forensic ToolsRSS

Forensic Tools

 These are tools for analyzing a breach in security in some way.  Typically they are used for collecting data about the breach after the fact, or analyzing software to see how it performs the attack.  Many reverse engineering tools will be listed here, as well as forensic recovery tools.

 

Other information about Forensic Tools

 

Freeware
Pricing Model

WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, ...

Modified
WinHex
Commercial
Pricing Model

IDA Pro as a disassembler is capable of creating maps of their execution to show the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). Advanced techniques have been implemented into IDA Pro s ...

Modified
IDA Pro Disassembler
Oleh Yuschuk
SHAREWARE
Pricing Model

OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is a shareware, but you can download and use it for free. Special hig ...

Modified
Giuseppe Cocomazzi
Open Source
Pricing Model

Curuncula is a tool shipped as a loadable kernel module that aims to detect rootkits based on the Intel debugging support facilities. Rootkits that set the GD access flag are also detected. It makes use of the "last branch recording" mechanism provided by ...

Modified
Curuncula
Filesig Software Solutions
Commercial
Pricing Model

Simple Carver Suite is a collection of unique tools designed for a number of purposes including but not limited to forensic computing, data recovery and eDiscovery. Simple Carver originally began as a single data recovery tool, a basic file carver which h ...

Modified
Simple Carver Suite
Sanderson Forensics Ltd.
Commercial
Pricing Model

Analyze Skype chat logs, contact lists, SMS messages with SkypeAlyzer a forensic tool designed to work with both the old Skype database files – found in a series of .dbb files and the newer Skype database files (main.db).

Modified
SkypeAlyzer
Centrifuge Analytics
Limited Free Trial
Pricing Model

 Centrifuge Analytics makes it easy to harness the power of your data, visualize discoveries, collaborate to draw conclusions and make effective predictions that will have an immediate impact to your organization. Data Discovery Not Data Processing ...

Modified
Yago Jesus and Patrick Gouin
Open Source
Pricing Model

Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique. // Unhide (ps) Detecting hidden processes. Implements six techniques * Compare /proc vs /bin/ps output * Compare inf ...

Modified
Open Source
Pricing Model

AIR is a GUI front-end to dd/dc3dd designed for easily creating forensic images. by Steve Gibson and Nanni Bassetti Features: * auto-detection of IDE and SCSI drives, CD-ROMs, and tape drives * choice of using either dd or dc3dd (Note: dc3d ...

ModifiedNever
Kristinn Gudjonsson

log2timeline is a framework for automatic creation of a super timeline. The main purpose is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a timeli ...

ModifiedNever
Golden G. Richard III

Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitio ...

Modified

Rifiuti2 analyses recycle bin files from Windows. Rifiuti2 can extract file deletion time, original path and size of deleted files. For more ancient versions of Windows, it can also check whether deleted items were not in recycle bin anymore (that is, eit ...

Modified
Rifiuti2
Brian Carrier

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recov ...

Modified
Autopsy
Honeynet Project

A.R.E, the Android Reverse Engineering Virtual Machine. This VirtualBox-ready VM includes the latest Android malware analysis tools as follows: * Androguard * Android sdk/ndk * APKInspector * Apktool * Axmlprinter * Ded * Dex2jar * DroidBox * Ja ...

ModifiedNever

DroidBox is developed to offer dynamic analysis of Android applications. The following information is described in the results, generated when analysis is complete: Hashes for the analyzed package Incoming/outgoing network data File read and write op ...

Modified
DroidBox

A powerful tool for analyzers to analyze the Android malware samples manually.   The important features of our tool are listed as follows: (1) Graph-based UI displaying control flow of the code. (2) Links from graph view to source view. (3) Func ...

Modified
APKinspector
Anthony Desnos

  Androguard (Android Guard) is a tool written in python to play with : .class (Java virtual machine) .dex (Dalvik virtual machine) APK (Android application) JAR (Java application) Android's binary xml   Androguard has the following ...

Modified
Androguard

It is a tool for reengineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app eas ...

Modified
android-apktool
WetStone Technologies

Gargoyle Investigator MP is the next generation of WetStone’s advanced malware discovery solution for computer forensic investigators and incident response teams. It is designed for forensic laboratories, law enforcement, field investigators, advanced pri ...

Modified
Gargoyle Investigator MP
Oxygen Software Company

Besides the general data extracted by similar products, Oxygen Forensic Suite can extract a lot of unique information Using low-level protocols allows the program to extract: phone basic information and SIM-card data, contacts list, caller groups, speed ...

ModifiedNever