Tools

641 results - showing 41 - 60

Belkasoft R is a digital forensic and incident response tool developed specifically for remote extraction.

Gather evidence from geographically distributed endpoints in the blink of an eye. Acquire remotely the following devices and artifacts: hard and removable drives, RAM, connected mobile devices, and specific artifacts with Belkasoft Remote Acquisition.

License Type
Commercial - Paid
Developer
Belkasoft

Belkasoft Incident Investigations (Belkasoft N) is a tool for digital incident investigations, developed specifically for businesses and aimed at investigating hacking attempts against Windows-based computers.

By analyzing numerous sources, Belkasoft N can find traces that are typical of the various tricks hackers use to penetrate a company's infrastructure.

License Type
Commercial - Paid
Developer
Belkasoft

Belkasoft Triage is a digital forensic and incident response tool developed specifically for a quick analysis of a live computer and making a partial image of important data.

Detect 1500+ artifact types and profiles and select only those artifacts which are needed to proceed with your investigation.

License Type
Commercial - Paid
Developer
Belkasoft

Accelerate your digital forensic and incident response investigations with Belkasoft Evidence Center X, an all-in-one product for mobile, computer memory, and cloud forensic examinations.

Belkasoft X works out of the box and can be easily integrated into customer workflows. The software interface is so user-friendly that you can start working with your cases right after the Belkasoft X deployment.

License Type
Commercial - Paid
Developer
Belkasoft

This free DOS-based software can be used to test hard drives for the presence of read instabilities. It can also deactivate the Master Boot Record (MBR) in order to stop a drive from being mounted by any operating system (here is why mounting is a bad idea for data recovery purposes). Unlike almost all other software tools, this utility works directly through the ATA controller rather than through the BIOS/OS, which allows for increased operational stability and more accurate identification of hard drive read instabilities.

License Type
Free
Developer
DeepSpar

In December 2011, a new branch within the Volatility project was created to explore how to make the code base more modular, improve performance, and increase usability. This branch was later forked to become Rekall. The modularity allowed physical memory analysis functionality to be used in GRR to enable remote live in-memory analysis.

 

License Type
Free

This project contains code which allows an inexperienced user to easily (one click) upload forensics evidence (such as some information about the system, a full disk image as well as the system's firmware, if supported) from a target device (that will boot on an external device containing the code) to Google Cloud Storage.

License Type
Free

This README contains instructions on how to use the scripts in this repository to retrieve Intel AMT's Audit Log from a Linux machine without knowing the admin user's password. The ideas from the script can be used to retrieve other pertinent information from Intel AMT via the ME Interface (MEI).

License Type
Free

dfDewey is a digital forensics string extraction, indexing, and searching tool.

License Type
Free

Python library to carry out DFIR analysis on the Cloud

License Type
Free

grr

GRR Rapid Response is an incident response framework focused on remote live forensics.

License Type
Free

Automation and Scaling of Digital Forensics Tools.

Turbinia is an open-source framework for deploying, managing, and running distributed forensic workloads. It is intended to automate running of common forensic processing tools (e.g. Plaso, TSK, strings) to help with processing evidence in the Cloud, scaling the processing of large amounts of evidence, and decreasing response time by parallelizing processing where possible.

License Type
Free

Collaborative forensic timeline analysis

License Type
Free

Container Explorer (container-explorer) is a tool to explore containers of a disk image. Container Explorer supports exploring containers managed using containerd and docker container runtimes. Container Explorer attempts to provide the familiar output generated by tools like ctr and docker.

License Type
Free

A tool to help forensicate offline docker acquisitions

License Type
Free

For forensic analysts to build Contraband Filters™ from their own data sets of images and videos. Offers the ability to add newly discovered files and to merge Contraband Filters™.

 

License Type
Commercial - Paid
Developer
Cyacomb

Cyacomb Offender Manager and Cyacomb Responder empower frontline investigators to rapidly triage digital devices in minutes.

Cyacomb Offender Manager and Cyacomb Responder were designed by frontline investigators for frontline investigators. Easy to use, with no deep digital forensic knowledge required, users just plug in these tools and scan.

License Type
Commercial - Paid
Developer
Cyacomb

Like Cyacomb Forensics’ other digital triage tools, Cyacomb Mobile Triage scans mobile devices for known illegal content fast. Results can be reviewed on screen, with simple and clear red and green results displayed.

Cyacomb Mobile Triage operates from DATAPILOT 10 devices, purpose-built handheld computers that are rugged and portable. The combined tools help law enforcement offices to make informed decisions on scene.

License Type
Commercial - Paid
Developer
Cyacomb

Cyacomb Examiner is for investigators who want results fast. Our cutting-edge block-level hashing technology replaces slow MD5 scans, detecting indecent images of children or terrorist material in minutes.

Our flagship forensic tool, Cyacomb Examiner is intended for skilled digital forensic analysts who want maximum control, maximum flexibility and detailed results – FAST.

License Type
Commercial - Paid
Developer
Cyacomb

Events-Ripper is based on the 5-field, pipe-delimited TLN "intermediate" events file format. This file is intermediate, as it is the culmination or collection of normalized events from different data sources (e.g., Registry, WEVTX, MFT, etc.) that are then parsed into a deduped timeline.

The current iteration of Events-Ripper includes plugins that are written specifically for Windows Event Log (*.evtx) events.

This tool is intended to address a very specific problem set, one that leverages a limited data set to develop as much insight and situational awareness as possible from that data set.

License Type
Free
Developer
Harlan Carvey