Forensic Tools

These are tools for analyzing a security breach. Typically they are used to collect data about the breach after the fact, or to analyze software to see how it performs the attack. Many reverse engineering tools are listed here, as well as forensic recovery tools.

 

Other information about Forensic Tools

 

Sanderson Forensics Ltd.
Pricing Model: Commercial

VidReport VidReport is a tool for the processing and reporting of video files (AVI's, MOV's etc.) VidReport can be used as a 'normal' video player to view the contents of the video, but in addition VidReport can parse the file and display just a selec ...

Modified: Never
Sanderson Forensics Ltd.
Pricing Model: Freeware

At the 2008 Microsoft Law Enforcement conference, I presented a short demonstration of my software OleDeconstruct. The operation of OleDeconstruct is very simple - point the software at a Word, Excel etc. file (not the new docx and xlsx files) and view ...

Modified: Never
Sanderson Forensics Ltd.
Pricing Model: Freeware

Forensic Image Viewer: Forensic Image Viewer (FIV) is an in-development tool for the processing and reporting of still images (JPG's, PNG's, GIF's etc.). Abridged feature list: Display a single image from supported formats. Display t ...

Modified: Never
Centrifuge Systems, Inc.
Pricing Model: Limited Free Trial

Born out of the needs of the US Intelligence Community, Centrifuge was designed to address demanding and mission critical applications, including national security, cyber security, financial crimes analysis, and border protection, where analysts are ...

Modified
Pricing Model: Limited Free Trial

NetSentry Live undetectably monitors network Internet traffic and captures, reconstructs, and stores original content in a searchable database. With its real-time alerts, NetSentry can provide the insight to identify both who and when suspicious or malici ...

Modified
NetSentry Live
Live-Forensics
Pricing Model: Freeware

DateDecoder will decode the majority of the encoded date/time stamps found on Windows computers including Unix Formats, MAC Formats, email timestamps and flash cookie timestamps.  The software is offered free of charge to benefit the community.

Modified
DateDecoder
Yago Jesus and Patrick Gouin
Pricing Model: Open Source

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique.

Unhide (ps): Detecting hidden processes. Implements six techniques:
* Compare /proc vs /bin/ps output
* Compare inf ...

Modified
Pricing Model: Open Source

AIR is a GUI front-end to dd/dc3dd designed for easily creating forensic images, by Steve Gibson and Nanni Bassetti.

Features:
* auto-detection of IDE and SCSI drives, CD-ROMs, and tape drives
* choice of using either dd or dc3dd (Note: dc3d ...

Modified: Never
Kristinn Gudjonsson

log2timeline is a framework for automatic creation of a super timeline. The main purpose is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a timeli ...

Modified: Never
Golden G. Richard III

Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitio ...

Modified

A Recycle Bin Forensic Analysis Tool. Many important files within Microsoft Windows have structures that are undocumented. One of the principles of computer forensics is that all analysis methodologies must be well documented and repeatable, and they m ...

Modified
Brian Carrier

The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in The Sleuth Kit. Together, they allow you to investigate the file system and volumes of a computer. They can analyze Windows and UNIX disks and file s ...

Modified: Never
Honeynet Project

A.R.E, the Android Reverse Engineering Virtual Machine. This VirtualBox-ready VM includes the latest Android malware analysis tools as follows:
* Androguard
* Android sdk/ndk
* APKInspector
* Apktool
* Axmlprinter
* Ded
* Dex2jar
* DroidBox
* Ja ...

Modified: Never
Anthony Desnos

DroidBox is a sandbox for Android applications, and is developed to offer dynamic analysis of Android applications. The following information is shown in the results, generated when analysis is ended: Hashes for the analyzed package Incoming/outgoing ...

Modified: Never

A powerful tool for analyzers to analyze the Android malware samples manually.   The important features of our tool are listed as follows: (1) Graph-based UI displaying control flow of the code. (2) Links from graph view to source view. (3) Func ...

Modified: Never
Anthony Desnos

Androguard (Android Guard) is a tool written in Python to play with:
* .class (Java virtual machine)
* .dex (Dalvik virtual machine)
* APK (Android application)
* JAR (Java application)
* Android's binary xml

Androguard has the following ...

Modified

It is a tool for reengineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes it possible to debug smali code step by step. Also it makes working with app eas ...

Modified: Never
Vere Software

  WebCase® was designed by experienced law enforcement professionals to help you collect Internet information in a usable, evidentiary, reportable manner. Built to manage the cases you initiate online, it was designed specifically to: Simplify th ...

Modified: Never
Vere Software

Vere Software has partnered with Digital Intelligence to bring you R.E.O.: the only computer system designed entirely as the online investigator's best friend. R.E.O., along with Vere Software’s incomparable online evidence collection software WebCase®, m ...

Modified: Never
SIMcon Forensics

  SIMCon is a program that allows the user to securely image all files on a GSM/3G SIM card to a computer file with the SIMCon forensic SIM card reader. The user can subsequently analyze the contents of the card including stored numbers and text mes ...

Modified: Never

© Computer Network Defence Limited 2021