Autopsy
An open-source digital forensics platform with a graphical interface for analyzing hard drives and smartphones.
EnCase
A widely used digital forensic software for examining computer systems and mobile devices.
FTK (Forensic Toolkit)
A forensic software application for analyzing and recovering digital evidence.
X-Ways Forensics
A powerful and efficient digital forensic software solution.
Sleuth Kit
A collection of command-line digital forensic tools based on The Sleuth Kit.
Volatility
An open-source memory forensics framework for incident response and malware analysis.
CAINE (Computer Aided INvestigative Environment)
A Linux distribution for digital forensics and incident response.
Digital Forensics Framework (DFF)
An open-source platform for digital forensics.
DEFT (Digital Evidence & Forensics Toolkit)
A Linux distribution for computer forensics.
OSForensics
A digital investigation and forensic software.
ProDiscover
A comprehensive computer forensic tool for Windows.
Helix3
A live CD based on Knoppix designed for computer forensics and investigation.
Forensic Email Collector
A tool for collecting email messages from source locations and preserving them in a format for analysis.
Belkasoft Evidence Center
A digital forensic solution for analyzing and recovering digital evidence.
Oxygen Forensic Detective
A mobile and cloud forensics software.
BlackLight
A digital forensic software solution by BlackBag Technologies.
Registry Recon
A tool for analyzing Windows registry files.
DEI Hexacorn
A collection of tools for digital forensics and incident response.
Scalpel
An open-source data carving tool.
TestDisk
A powerful data recovery software.
Axiom (Magnet Forensics)
A digital forensics platform that offers analysis, collaboration, and reporting.
Paladin
A live bootable CD for digital forensics and incident response.
USB Write Blocker
A hardware device or software tool that prevents data from being written to USB devices.
Bulk Extractor
A digital forensics tool that scans a disk image, file, or directory of files and extracts useful information without parsing the file system structure.
Wireshark
A widely-used network protocol analyzer.
NetworkMiner
A network forensic analysis tool.
Cellebrite UFED
A mobile forensics solution for extracting data from smartphones and mobile devices.
F-Response
A tool for remote forensics and eDiscovery.
RegRipper
A Windows registry data extraction tool.
Redline
A free endpoint investigation tool by FireEye.
Ghiro
An open-source tool for digital photo and image forensics.
HxD
A hex editor, disk editor, and memory editor.
DumpIt
A physical memory dump tool.
Autopsy Sleuth Kit Plugins
Additional plugins for Autopsy to enhance its functionality.
Lime
A kernel module for memory extraction on Windows and Linux.
FastDump
A physical memory dump tool for Windows.
RegShot
A tool for taking snapshots of the Windows registry.
OSFClone
A free, self-booting solution that enables you to create or clone exact raw disk images quickly and independent of the installed operating system.
TSK-IMG
A command-line tool for reading and writing disk images.
Autopsy Extensions
Add-ons and customizations for Autopsy.
Loki
A YARA signature-based scanner that identifies known and unknown malware.
Plaso (Log2Timeline)
A tool designed to extract timestamps from various files found on a typical computer system.
SANS SIFT Workstation
A freely available incident response and forensic toolkit to detect and respond to cyber threats.
Guymager
A forensic imager for media acquisition.
Rifiuti
A Recycle Bin forensics tool.
Kali Linux
A Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing.
Security Onion
A free and open-source platform for threat hunting, enterprise security monitoring, and log management.
Autopsy Grep
A utility for searching through the file system for specific content.
Bulk Rename Utility
A free file renaming software for Windows.
WinHex
WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards.
