Computer forensics is an essential field that involves the investigation of digital devices to uncover evidence in various scenarios, including criminal activities and corporate disputes.
This article provides a curated list of top-notch free tools and resources that are crucial for anyone involved in the forensic analysis of computers.
From specialized operating systems to advanced frameworks and utilities for data recovery, this guide covers all the necessary tools to equip you with the skills needed for effective digital investigations.
Curated list of awesome free forensic analysis tools and resources.
Name | Description |
---|---|
bitscout | Bitscout is a customizable live OS constructor tool written entirely in bash. Its main purpose is to help you quickly create your own remote forensics bootable disk image. |
Remnux | REMnux® is a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools. |
SANS Investigative Forensics Toolkit (sift) | Linux distribution for forensic analysis |
Tsurugi Linux | Tsurugi Linux is a DFIR open source project that is and will be totally free and independent, without involving any commercial brand. Its main goal is to share knowledge and “give back to the community”. |
WinFE | WinFE loads on UEFI as well as legacy systems without changing BIOS settings, so devices such as the Microsoft Surface Pro can be forensically imaged. BitLocker is also supported, provided that you have access to either the unlock key or the password. |
Name | Description |
---|---|
Autopsy | Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card. |
dff | DFF (Digital Forensics Framework) is a Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities. |
dexter | Forensics acquisition framework designed to be extensible and secure. |
IntelMQ | IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol. |
Kuiper | Kuiper is a digital investigation platform that gives investigation teams and individuals the ability to parse, search and visualize collected evidence (evidence can be collected by a fast triage script such as Hoarder). |
Laika BOSS | Laika BOSS: Object Scanning System. |
PowerForensics | PowerForensics provides an all in one platform for live disk forensic analysis. |
The Sleuth Kit | The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. |
turbinia | Turbinia is an open-source framework for deploying, managing, and running forensic workloads on cloud platforms. |
IPED - Indexador e Processador de Evidências Digitais | IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners. |
Wombat Forensics | Wombat Forensics is a new forensic analysis tool built entirely in C and C++. The GUI is built using Qt5, so it may one day work on Windows, Linux and Macintosh systems. |
binwalk | Firmware Analysis Tool |