A curated list of awesome forensic analysis tools and resources
Switch branches/tags
Nothing to show
Clone or download
Latest commit ccc4af8 Aug 17, 2018
Permalink
Failed to load latest commit information.
.travis.yml Create .travis.yml Nov 25, 2016
CONTRIBUTING.md Update CONTRIBUTING.md Oct 8, 2017
LICENSE Initial commit Mar 29, 2016
README.md Add swap_digger (#21) Aug 17, 2018

README.md

Awesome Forensics Link Status

Curated list of awesome free (mostly open source) forensic analysis tools and resources.


Collections

Tools

Distributions

Frameworks

  • dff - Forensic framework
  • IntelMQ - IntelMQ collects and processes security feeds
  • Laika BOSS - Laika is an object scanner and intrusion detection system
  • PowerForensics - PowerForensics is a framework for live disk forensic analysis
  • The Sleuth Kit - Tools for low level forensic analysis
  • turbinia - Turbinia is an open-source framework for deploying, managing, and running forensic workloads on cloud platforms

Live forensics

  • grr - GRR Rapid Response: remote live forensics for incident response
  • Linux Expl0rer - Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask
  • mig - Distributed & real time digital forensics at the speed of the cloud
  • osquery - SQL powered operating system analytics

Imageing

  • dc3dd - Improved version of dd
  • dcfldd - Different improved version of dd (this version has some bugs!, another version is on github adulau/dcfldd)
  • FTK Imager - Free imageing tool for windows
  • Guymager - Open source version for disk imageing on linux systems

Carving

more at Malware Analysis List

  • bstrings - Improved strings utility
  • bulk_extractor - Extracts informations like email adresses, creditscard numbers and histrograms of disk images
  • floss - Static analysis tool to automatically deobfuscate strings from malware binaries
  • photorec - File carving tool
  • swap_digger - A bash script used to automate Linux swap analysis, automating swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, etc.

Memory Forensics

more at Malware Analysis List

  • inVtero.net - High speed memory analysis framework developed in .NET supports all Windows x64, includes code integrity and write support.
  • KeeFarce - Extract KeePass passwords from memory
  • Rekall - Memory Forensic Framework
  • volatility - The memory forensic framework
  • VolUtility - Web App for Volatility framework

Network Forensics

more at Malware Analysis List, Forensicswiki's Tool List, awesome-pcaptools and Wireshark Tool and Script List

  • SiLK Tools - SiLK is a suite of network traffic collection and analysis tools
  • Wireshark - The network traffic analysis tool
  • NetLytics - Analytics platform to process network data on Spark.

Windows Artifacts

more at Malware Analysis List

OS X Forensics

Internet Artifacts

  • chrome-url-dumper - Dump all local stored infromation collected by Chrome
  • hindsight - Internet history forensics for Google Chrome/Chromium

Timeline Analysis

  • DFTimewolf - Framework for orchestrating forensic collection, processing and data export using GRR and Rekall
  • plaso - Extract timestamps from various files and aggregate them
  • timesketch - Collaborative forensic timeline analysis

Disk image handling

  • aff4 - AFF4 is an alternative, fast file format
  • Disk Arbitrator - A Mac OS X forensic utility designed to help the user ensure correct forensic procedures are followed during imaging of a disk device
  • docker-explorer - A tool to help forensicate offline docker acquisitions
  • imagemounter - Command line utility and Python package to ease the (un)mounting of forensic disk images
  • libewf - Libewf is a library and some tools to access the Expert Witness Compression Format (EWF, E01)
  • xmount - Convert between different disk image formats

Decryption

Learn forensics

CTFs

Resources

Books

more at Recommended Readings by Andrew Case

File System Corpora

Twitter

Blogs

Other

Related Awesome Lists

Contributing

Pull requests and issues with suggestions are welcome!