Forensic Tools

These are tools for analyzing a security breach in some way. Typically they are used for collecting data about the breach after the fact, or analyzing software to see how it performs the attack. Many reverse engineering tools will be listed here, as well as forensic recovery tools.

 

Other information about Forensic Tools

 

WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, ...

WinHex

IDA Pro as a disassembler is capable of creating maps of their execution to show the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). Advanced techniques have been implemented into IDA Pro s ...

IDA Pro Disassembler
Oleh Yuschuk

OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is a shareware, but you can download and use it for free. Special hig ...

Giuseppe Cocomazzi

Curuncula is a tool shipped as a loadable kernel module that aims to detect rootkits based on the Intel debugging support facilities. Rootkits that set the GD access flag are also detected. It makes use of the "last branch recording" mechanism provided by ...

Curuncula
Filesig Software Solutions

Simple Carver Suite is a collection of unique tools designed for a number of purposes including but not limited to forensic computing, data recovery and eDiscovery. Simple Carver originally began as a single data recovery tool, a basic file carver which h ...

Simple Carver Suite
Sanderson Forensics Ltd.

Analyze Skype chat logs, contact lists, and SMS messages with SkypeAlyzer, a forensic tool designed to work with both the old Skype database files (found in a series of .dbb files) and the newer Skype database files (main.db).

SkypeAlyzer
Centrifuge Analytics

 Centrifuge Analytics makes it easy to harness the power of your data, visualize discoveries, collaborate to draw conclusions and make effective predictions that will have an immediate impact to your organization. Data Discovery Not Data Processing ...

Yago Jesus and Patrick Gouin

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique. // Unhide (ps) Detecting hidden processes. Implements six techniques * Compare /proc vs /bin/ps output * Compare inf ...

AIR is a GUI front-end to dd/dc3dd designed for easily creating forensic images. by Steve Gibson and Nanni Bassetti Features: * auto-detection of IDE and SCSI drives, CD-ROMs, and tape drives * choice of using either dd or dc3dd (Note: dc3d ...

Kristinn Gudjonsson

log2timeline is a framework for automatic creation of a super timeline. The main purpose is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a timeli ...

Golden G. Richard III

Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitio ...

Rifiuti2 analyses recycle bin files from Windows. Rifiuti2 can extract file deletion time, original path and size of deleted files. For more ancient versions of Windows, it can also check whether deleted items were not in recycle bin anymore (that is, eit ...

Rifiuti2
Brian Carrier

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recov ...

Autopsy
Honeynet Project

A.R.E, the Android Reverse Engineering Virtual Machine. This VirtualBox-ready VM includes the latest Android malware analysis tools as follows: * Androguard * Android sdk/ndk * APKInspector * Apktool * Axmlprinter * Ded * Dex2jar * DroidBox * Ja ...

DroidBox is developed to offer dynamic analysis of Android applications. The following information is described in the results, generated when analysis is complete: * Hashes for the analyzed package * Incoming/outgoing network data * File read and write op ...

DroidBox

A powerful tool for analyzers to analyze the Android malware samples manually.   The important features of our tool are listed as follows: (1) Graph-based UI displaying control flow of the code. (2) Links from graph view to source view. (3) Func ...

APKinspector
Anthony Desnos

Androguard (Android Guard) is a tool written in Python to play with: .class (Java virtual machine), .dex (Dalvik virtual machine), APK (Android application), JAR (Java application), Android's binary xml. Androguard has the following ...

Androguard

It is a tool for reengineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes it possible to debug smali code step by step. Also it makes working with app eas ...

android-apktool
WetStone Technologies

Gargoyle Investigator MP is the next generation of WetStone’s advanced malware discovery solution for computer forensic investigators and incident response teams. It is designed for forensic laboratories, law enforcement, field investigators, advanced pri ...

Gargoyle Investigator MP
Oxygen Software Company

Besides the general data extracted by similar products, Oxygen Forensic Suite can extract a lot of unique information. Using low-level protocols allows the program to extract: phone basic information and SIM-card data, contacts list, caller groups, speed ...