Forensics

Tools used for solving Forensics challenges

  • A-Packets - Effortless PCAP File Analysis in Your Browser.
  • Autopsy - End-to-end open source digital forensics platform.
  • Binwalk - Firmware Analysis Tool.
  • Bulk-extractor - High-performance digital forensics exploitation tool.
  • Bkhive & samdump2 - Dump SYSTEM and SAM files.
  • ChromeCacheView - Small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache.
  • Creddump - Dump Windows credentials.
  • Exiftool - Read, write and edit file metadata.
  • Extundelete - Utility that can recover deleted files from an ext3 or ext4 partition.
  • firmware-mod-kit - Modify firmware images without recompiling.
  • Foremost - Console program to recover files based on their headers, footers, and internal data structures.
  • Forensic Toolkit - Scans a hard drive for various artifacts. It can potentially locate deleted emails and extract text strings from a disk for use as a password dictionary when cracking encryption.
  • Forensically - Free online image analysis tool with many features.
  • MZCacheView - Small utility that reads the cache folder of Firefox/Mozilla/Netscape Web browsers, and displays the list of all files currently stored in the cache.
  • NetworkMiner - Network Forensic Analysis Tool (NFAT).
  • OfflineRegistryView - Simple tool for Windows that allows you to read offline Registry files from an external drive.
  • photorec - File data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory.
  • Registry Viewer - Tool to view Windows Registry hives.
  • Scalpel - Open source data carving tool.
  • The Sleuth Kit - Collection of command line tools and a C library that allows you to analyze disk images and recover files from them.
  • USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
  • Volatility - An advanced memory forensics framework.
  • Wireshark - Tool to analyze pcap or pcapng files.
  • X-Ways - Advanced work environment for computer forensic examiners.