Forensic Tools

 These are tools for analyzing a breach in security in some way.  Typically they are used for collecting data about the breach after the fact, or analyzing software to see how it performs the attack.  Many reverse engineering tools will be listed here, as well as forensic recovery tools.

 

Other information about Forensic Tools

 

Craig Wilson
COMMERCIAL
Pricing Model

NetAnalysis will automatically rebuild HTML web pages from an extracted cache, automatically adding the correct location of the graphics allowing you to view the page as the suspect did. NetAnalysis also allows you to easily view JPEG and other pictures t ...

Modified
Pangeia Informatica
GPL
Pricing Model

chkrootkit: shell script that checks system binaries for rootkit modification. 45 rootkits, worms and LKMs are currently detected. The following tests are made: aliens asp bindshell lkm rexedcs sniffer wted scalper slapper z2 amd basename biff chfn chsh ...

Modified
Philippe Bourcier
GPL
Pricing Model

The CyberAbuse Rootkit ID project consists of software and a database which allow a Unix user to detect rootkit files on his machine. The software compares the SHA1 checksums of the files on the Unix machine with the checksums present in our database. If the ...

Modified
Special Agent Jesse Kornblum
GPL
Pricing Model

Foremost is a Linux program to recover files based on their headers and footers. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers are specified by a configuration file, ...

Modified
Special Agent Jesse Kornblum
GPL
Pricing Model

md5deep is a cross-platform program to compute MD5 message digests on an arbitrary number of files. The program is known to run on Windows, Linux, FreeBSD, OS X, Solaris, and should run on most other platforms. md5deep is similar to the md5sum program fou ...

Modified
Arne Vidstrom
FREEWARE
Pricing Model

PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process. This can be useful in a forensic investigation.

Modified
Kroll Ontrack Ltd
Commercial
Pricing Model

The Ontrack® PowerControls™ software suite includes two powerful, yet easy to use applications for searching, recovering, restoring and managing data in Microsoft® Exchange Server and Microsoft® Office SharePoint® Server environments. Each applicatio ...

Modified
Free Software Foundation, Inc
GPL
Pricing Model

GNU Parted is a program for creating, destroying, resizing, checking and copying partitions, and the file systems on them. This is useful for creating space for new operating systems, reorganising disk usage, copying data between hard disks and disk imagi ...

Modified
Brian Carrier
FREEWARE
Pricing Model

mac-robber is a digital investigation tool that collects data from allocated files in a mounted file system. This is useful during incident response when analyzing a live system or when analyzing a dead system in a lab. The data can be used by the mactime ...

Modified
Free Trial
Pricing Model

Features include: Disk editor for hard disks, floppy disks, CD-ROM & DVD, ZIP, Smart Media, Compact Flash memory cards, and more. FAT12, FAT16, FAT32, NTFS, CDFS. RAM editor, providing access to other processes' virtual memory. Data interpreter, knowin ...

Modified
COMMERCIAL
Pricing Model

Features include: IDA Pro is programmable through a built-in C-like language. IDA offers an open plugin architecture. Our PE debugger is nothing more than a plugin! Multiple processors: same interface and features for dozens of processors. 80x86 Windo ...

Modified
Oleh Yuschuk
SHAREWARE
Pricing Model

OllyDbg is a 32-bit assembler-level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is shareware, but you can download and use it for free. Special hig ...

Modified
Cyber Security Technologies Corporation
Commercial
Pricing Model

OnlineDFS enables network-based, real-time investigations of live, running computer systems. It is ideal for rapid incident response, compliance management and e-discovery in enterprises, and for the needs of law enforcement. OnLineDFS enables the rapid, ...

Modified
Massimiliano Montoro
Freeware
Pricing Model

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP con ...

Modified: Never
Giuseppe Cocomazzi
Open Source
Pricing Model

Curuncula is a tool shipped as a loadable kernel module that aims to detect rootkits based on the Intel debugging support facilities. Rootkits that set the GD access flag are also detected. It makes use of the "last branch recording" mechanism provided by ...

Modified: Never
Filesig Software Solutions
Commercial
Pricing Model

Simple Carver Suite is a collection of unique tools designed for a number of purposes including but not limited to forensic computing, data recovery and eDiscovery. Simple Carver originally began as a single data recovery tool, a basic file carver which h ...

Modified
Simple Carver Suite
Sanderson Forensics Ltd.
Commercial
Pricing Model

LinkAlyzer is a forensic tool that decodes and displays the content of multiple link files (Windows Shortcuts) at the same time. LinkAlyzer loads multiple (tested on 40,000+) link files into a grid and displays: • Internal dates (whe ...

Modified: Never
LinkAlyzer
Sanderson Forensics Ltd.
Commercial
Pricing Model

SkypeAlyzer: Analyse Skype chat logs, contacts lists and SMS messages with SkypeAlyzer, a forensics tool designed to work with both the old Skype database files (found in a series of .dbb files) and the newer Skype database files (main.db). Use Skype ...

Modified: Never
Sanderson Forensics Ltd.
Commercial
Pricing Model

RevEnge is a fully featured hex viewer designed with Reverse Engineering in mind, hence the name. It comes packed with features not seen in other hex viewers, such as its ability to perform on-the-fly decompression of ZLib compressed data, display and searc ...

Modified: Never
Sanderson Forensics Ltd.
Commercial
Pricing Model

PmExplorer is a forensic software tool for the review and examination of PM files for Nokia mobile telephones. PM files can be obtained with third party hardware and software utilities such as SaraSoft and the SHU box. PmExplorer differs from current m ...

Modified: Never

© Computer Network Defence Limited 2021