A curated list of essential digital forensics tools for investigation, data recovery and security analysis, grouped by discipline: disk forensics, memory analysis, network monitoring, mobile devices, malware analysis, cloud environments and email.
- Autopsy – GUI-based forensic platform for disk image analysis, built on The Sleuth Kit.
- The Sleuth Kit (TSK) – Command-line toolkit for file system forensics (mmls, fls, icat, blkls).
- FTK Imager – Free disk imaging and evidence-preview tool; writes raw and E01 images with hashes.
- dd – Unix CLI tool for bit-for-bit disk cloning and raw imaging (use `conv=noerror,sync` and hash the result).
- dcfldd – Forensic fork of `dd` with on-the-fly hashing, progress output and split images.
- Guymager – Fast forensic imaging tool with a GUI (raw, E01 and AFF output).
- TestDisk – Recovers lost partitions and repairs partition tables and boot sectors.
- PhotoRec – Signature-based file recovery (carving) from storage media; companion to TestDisk.
- X-Ways Forensics – Commercial disk and file system analysis tool.
- AccessData FTK (Forensic Toolkit) – Full commercial forensic investigation suite.
- ExifTool – Reads and writes file metadata (EXIF, XMP, IPTC and many other formats).
- md5sum, sha256sum – Verify evidence integrity by hashing images and files; prefer SHA-256, since MD5 collisions are practical.
- Hashdeep – Computes and audits hash sets for large directory trees (md5deep family).
- Foremost – Carves deleted files from raw data using headers, footers and internal data structures.
- Scalpel – Fast header/footer file carver derived from Foremost.
- Recuva – User-friendly Windows file recovery software.
- Mount Image Pro – Mounts disk images as read-only drives so other tools can analyze them.
- OSForensics – Windows-based forensic analysis tool, including live analysis.
- CAINE (Computer Aided INvestigative Environment) – Live Linux forensic distribution with built-in tools.
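Foremost, Scalpel and PhotoRec all work the same way underneath: ignore the file system and scan raw bytes for known headers and footers, then hash what they carve. The script below is an added example (not code from this list or from any of those projects) that does that for JPEG and PNG over a constructed in-memory "image"; the signature table, the `max_size` cap and the sample image are assumptions made for the demonstration.

```python
import hashlib

# Header/footer signatures in the spirit of a Foremost/Scalpel config entry.
# max_size caps a carve when no footer is found, as those tools do.
SIGNATURES = {
    "jpg": {"header": b"\xff\xd8\xff", "footer": b"\xff\xd9", "max_size": 20 * 1024 * 1024},
    "png": {"header": b"\x89PNG\r\n\x1a\n", "footer": b"IEND\xae\x42\x60\x82", "max_size": 20 * 1024 * 1024},
}


def sha256_hex(data: bytes) -> str:
    """Same digest sha256sum prints; used to fingerprint every carved file."""
    return hashlib.sha256(data).hexdigest()


def carve(image: bytes, signatures=SIGNATURES):
    """Header/footer carving over raw bytes, with no file system involved.

    Every header hit starts a candidate file that ends at the first matching
    footer within max_size; without a footer the candidate is truncated at
    max_size and marked incomplete. Returns dicts sorted by offset.
    """
    carved = []
    for ftype, sig in signatures.items():
        header, footer, max_size = sig["header"], sig["footer"], sig["max_size"]
        pos = image.find(header)
        while pos != -1:
            limit = min(len(image), pos + max_size)
            end = image.find(footer, pos + len(header), limit)
            data = image[pos:limit] if end == -1 else image[pos:end + len(footer)]
            carved.append({
                "type": ftype,
                "offset": pos,
                "size": len(data),
                "complete": end != -1,
                "sha256": sha256_hex(data),
                "data": data,
            })
            # Resume after the carved file if it was terminated, else just past the header
            pos = image.find(header, pos + (len(data) if end != -1 else len(header)))
    carved.sort(key=lambda c: c["offset"])
    return carved


def _filler(n: int) -> bytes:
    # Deterministic filler with no 0xff byte, so it can never fake a JPEG marker
    return bytes(i % 251 for i in range(n))


# Constructed sample "disk image": filler with a minimal JPEG and PNG embedded
# (real images carry file system structures here instead).
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(100) + b"\xff\xd9"
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + bytes(13) + b"\xaa\xbb\xcc\xdd"
              + b"\x00\x00\x00\x00IEND\xae\x42\x60\x82")
SAMPLE_IMAGE = _filler(4096) + SAMPLE_JPEG + _filler(1000) + SAMPLE_PNG + _filler(2048)


if __name__ == "__main__":
    for f in carve(SAMPLE_IMAGE):
        print(f"{f['type']} at offset {f['offset']} size {f['size']} complete={f['complete']} sha256={f['sha256']}")
```

Run it against a real image by replacing `SAMPLE_IMAGE` with the bytes of a raw `dd` output; record the image hash before carving and the hash of each carved file, which is exactly the chain-of-custody record `sha256sum` and `hashdeep` give you.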
- DumpIt – One-click RAM dumping tool for Windows.
- WinPmem – Open-source Windows memory acquisition driver and tool.
- LiME (Linux Memory Extractor) – Loadable kernel module that dumps live memory from Linux and Android systems.
- AVML (Acquire Volatile Memory for Linux) – Microsoft's userland memory acquisition tool for Linux, including Azure VMs.
- OSForensics – RAM imaging and forensic analysis.
- Volatility – Open-source memory analysis framework (Volatility 2, Python 2).
- Volatility 3 – Python 3 rewrite with symbol-table support for current Windows, Linux and macOS kernels.
- Rekall – Memory forensic framework from Google (no longer maintained).
- MemProcFS – Mounts memory dumps as a virtual file system.
- Redline – Mandiant's free host and memory triage tool for finding signs of compromise.
- malfind – Volatility plugin that flags private executable memory regions (e.g. PAGE_EXECUTE_READWRITE) holding injected code.
- YARA – Signature-based pattern matching for malware in RAM (e.g. through Volatility's yarascan plugin).
- strings – Extracts readable ASCII and UTF-16 text from memory dumps.
- PE-sieve – Scans a running process for injected or replaced PE modules and shellcode.
- HollowsHunter – Scans all running processes with PE-sieve to find process hollowing and other injections.
- Log2Timeline (Plaso) – Builds super-timelines from disk images, logs and registry hives (it does not parse raw memory).
- Memtriage – Rapid Windows memory triage tool combining WinPmem and Volatility.
- EFILTER – Query language library used by Rekall to filter memory artifacts.
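The quickest win on a fresh memory dump is usually `strings` followed by a grep for indicators, and on Windows that means UTF-16LE as well as ASCII (`strings -el`). Below is an added example (not code from this list or from the `strings`/YARA projects) that extracts both encodings with offsets and pulls URLs, IPv4 addresses and Windows paths out of them; the sample dump is constructed for the demonstration and the IOC patterns are assumptions.

```python
import re


def extract_strings(dump: bytes, min_len: int = 6):
    """Return (offset, encoding, text) tuples sorted by offset, like `strings -t d`
    plus `strings -el` (UTF-16LE: a printable byte followed by 0x00, repeated)."""
    found = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, dump):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, dump):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found)


# Indicator patterns (assumed for the example; extend with your own)
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "win_path": re.compile(r"[A-Za-z]:\\[^\s\"'<>|]+"),
}


def extract_iocs(dump: bytes, min_len: int = 6):
    """Run the IOC patterns over every extracted string, keeping the string's
    offset so the hit can be located again in the dump (e.g. to find the
    owning process with Volatility's memmap/vadinfo)."""
    iocs = []
    for offset, enc, text in extract_strings(dump, min_len):
        for kind, pattern in IOC_PATTERNS.items():
            for hit in pattern.findall(text):
                iocs.append({"kind": kind, "value": hit, "offset": offset, "encoding": enc})
    return iocs


# Constructed stand-in for a slice of process memory: a DLL name (ASCII), a
# UTF-16LE URL as a Windows API would store it, a dropped-file path and some
# opcode bytes that must not be reported as text.
SAMPLE_DUMP = (
    bytes(256)
    + b"kernel32.dll\x00"                                    # offset 256
    + bytes(16)
    + "http://203.0.113.10/update.bin".encode("utf-16-le")   # offset 285
    + bytes(32)
    + b"C:\\Users\\Public\\svchost.exe\x00"                   # offset 377
    + b"\x8b\xff\x55\x8b\xec" * 4
    + b"ab\x00cd\x00"                                        # too short to count
)


if __name__ == "__main__":
    for offset, enc, text in extract_strings(SAMPLE_DUMP):
        print(f"{offset:8d} {enc:9s} {text}")
    for ioc in extract_iocs(SAMPLE_DUMP):
        print(ioc)
```

On a real dump, feed the result of `mmap`-ing the file rather than reading it whole; the same regexes work, and the offsets stay physical offsets into the image.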
- Wireshark – GUI packet analyzer for live capture and pcap analysis.
- tcpdump – Command-line packet sniffer for capturing packets to pcap files.
- TShark – CLI version of Wireshark for scripted packet analysis.
- Zeek (formerly Bro) – Network traffic analysis framework that produces rich connection, DNS, HTTP and file logs.
- Suricata – High-performance network IDS, IPS and NSM engine.
- Snort – Open-source intrusion detection and prevention system (IDS/IPS).
- Argus – Network flow analysis tool for session data.
- ELK Stack (Elasticsearch, Logstash, Kibana) – Log collection, search and visualization for network logs.
- Splunk – Commercial log analytics platform and SIEM.
- NetworkMiner – Passive network traffic analyzer that extracts hosts, files and credentials from pcaps.
- Xplico – Network forensic tool that reconstructs application sessions (HTTP, email, VoIP) from captures.
- NetFlow Analyzer – Monitors and analyzes traffic using NetFlow, sFlow and IPFIX data.
- Kismet – Wireless network detector, sniffer and wireless IDS.
- Aircrack-ng – Wi-Fi security assessment suite with packet capture.
- WiFi Pineapple – Hak5 hardware platform for wireless auditing and monitoring.
- Ettercap – MitM tool for sniffing and traffic manipulation on LANs.
- MITMf – Framework for traffic interception and manipulation (no longer maintained).
- Bettercap – Swiss army knife for network reconnaissance and MitM attacks.
- Tor – Anonymity network; needed to reach .onion services during dark web investigations.
- OnionScan – Scans Tor onion services for misconfigurations and identifying information leaks.
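Zeek's `conn.log` is the most useful starting point in the network tools above, and one thing it makes easy is spotting command-and-control beaconing: a host that talks to the same destination at a nearly constant interval. The following is an added example (not code from this list or from the Zeek project) that parses Zeek's tab-separated format and flags connection groups whose inter-arrival times barely vary. The log lines are constructed for the demonstration and the thresholds are assumptions to tune per network.

```python
import statistics
from collections import defaultdict


def parse_conn_log(text: str):
    """Parse Zeek's TSV conn.log; the '#fields' header names the columns and
    other '#' lines (separator, types, open/close) are metadata."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def find_beacons(rows, min_conns: int = 6, max_cv: float = 0.1):
    """Group connections by (source, destination, destination port) and flag
    groups whose inter-arrival gaps have a coefficient of variation
    (stdev / mean) below max_cv: regular timing that humans and browsers
    rarely produce but implants with a fixed sleep do."""
    by_pair = defaultdict(list)
    for r in rows:
        by_pair[(r["id.orig_h"], r["id.resp_h"], int(r["id.resp_p"]))].append(float(r["ts"]))
    beacons = []
    for (src, dst, dport), times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            beacons.append({"src": src, "dst": dst, "dport": dport, "count": len(times),
                            "period_s": round(mean, 1), "cv": round(cv, 3)})
    return beacons


def _line(ts, src, dst, dport, proto="tcp", service="ssl"):
    # One conn.log record with the columns the #fields line below declares
    return "\t".join([f"{ts:.6f}", "CxyZ1a2b", src, "51000", dst, str(dport),
                      proto, service, "0.5", "300", "1200"])


# Constructed conn.log: 10.0.0.5 reaches out every ~60 s with 1 s of jitter
# (a beacon); 10.0.0.7 connects at irregular, human-looking times.
SAMPLE_CONN_LOG = "\n".join(
    ["#separator \\x09",
     "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes",
     "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount"]
    + [_line(1700000000 + 60 * i + (i % 3) - 1, "10.0.0.5", "203.0.113.10", 443) for i in range(8)]
    + [_line(1700000000 + t, "10.0.0.7", "198.51.100.40", 443) for t in (0, 5, 100, 103, 400, 900, 905, 2000)]
)


if __name__ == "__main__":
    for b in find_beacons(parse_conn_log(SAMPLE_CONN_LOG)):
        print(b)
```

Jittered beacons (random sleep around a mean) raise the coefficient of variation, so loosen `max_cv` and combine with a byte-size check (beacons usually send near-identical `orig_bytes`) before treating a miss as clean.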
- Cellebrite UFED – Industry-standard tool for extracting data from mobile devices.
- Magnet AXIOM – Forensic suite covering mobile, computer and cloud evidence.
- Oxygen Forensic Suite – Mobile data extraction: call logs, messages and app data.
- XRY (MSAB) – Mobile forensics tool for data extraction and decoding.
- MOBILedit Forensic – Mobile device investigation with logical and physical extraction.
- Belkasoft Evidence Center – Extracts data from iOS, Android, computers and cloud services.
- ADB (Android Debug Bridge) – Command-line tool for interacting with Android devices (file pulls, backups, logcat).
- Andriller – Android forensic tool with lock-screen pattern/PIN cracking and data extraction.
- AFLogical – Open-source tool for logical data extraction from Android.
- Frida – Dynamic instrumentation toolkit for hooking apps on Android, iOS and desktop platforms.
- Drozer – Security testing framework for Android apps.
- Apktool – Decodes and rebuilds APK files (resources, manifest, smali).
- iLEAPP (iOS Logs, Events, And Properties Parser) – Parses logs and artifacts from iOS extractions.
- checkm8 / checkra1n – checkm8 is an unpatchable BootROM exploit for A5 to A11 devices; checkra1n is the jailbreak built on it, used for full file-system extraction.
- Elcomsoft iOS Forensic Toolkit – Logical, file-system and keychain extraction from iOS devices.
- iExplorer – Browse iOS file systems without jailbreaking.
- Cydia Impactor – Sideloads IPA files onto iOS devices using an Apple developer signature (largely defunct).
- Oxygen Forensic Cloud Extractor – Extracts mobile-related data from cloud accounts.
- Google Takeout – Download a user's data from Google services (Gmail, Drive, Location History, etc.).
- iCloudExtractor – Extracts backups from iCloud.
- SIM Cloning Tool – Clone and analyze SIM card data.
- Oxygen SIM Detective – Extracts data from SIM cards.
- MOBILedit SIM Clone – Copies SIM data and recovers deleted messages.
- WhatsApp Viewer – Reads WhatsApp message databases (msgstore.db).
- UFED Physical Analyzer – Decodes and analyzes mobile apps and messaging platforms from UFED extractions.
- SQLite Forensic Browser – Investigates SQLite databases from apps like WhatsApp and Telegram.
- Paraben E3 – Extracts and analyzes messages from social media and chat apps.
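Almost every artifact the mobile tools above decode lives in SQLite, and the classic mistake is the timestamp: Android's SMS provider and WhatsApp's msgstore store milliseconds since the Unix epoch, while iOS sms.db stores seconds since 2001-01-01 on old releases and nanoseconds since 2001-01-01 from iOS 11 on. The following is an added example (not code from this list or from any of those products) that converts both and merges the rows into one UTC timeline; the two in-memory tables and their rows are constructed for the demonstration and only mimic the real schemas.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

COCOA_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)   # Apple's reference date
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def from_unix_ms(ms: int) -> datetime:
    """Android SMS provider, WhatsApp msgstore: milliseconds since 1970."""
    return UNIX_EPOCH + timedelta(milliseconds=ms)


def from_cocoa(value: int) -> datetime:
    """iOS sms.db message.date: seconds since 2001 on old releases, nanoseconds
    since 2001 on iOS 11+. A value above 1e12 cannot be seconds (that would
    be tens of thousands of years), so it is treated as nanoseconds."""
    if value > 10**12:
        return COCOA_EPOCH + timedelta(seconds=value / 1e9)
    return COCOA_EPOCH + timedelta(seconds=value)


def build_sample_db() -> sqlite3.Connection:
    """Constructed stand-ins for Android's sms table and iOS's message/handle tables."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE sms (_id INTEGER PRIMARY KEY, address TEXT, date INTEGER, type INTEGER, body TEXT);
        CREATE TABLE message (ROWID INTEGER PRIMARY KEY, handle_id INTEGER, date INTEGER, is_from_me INTEGER, text TEXT);
        CREATE TABLE handle (ROWID INTEGER PRIMARY KEY, id TEXT);
        INSERT INTO sms VALUES (1, '+15555550100', 1700000000000, 1, 'Your code is 4821');
        INSERT INTO sms VALUES (2, '+15555550100', 1700000120000, 2, 'Sent from Android');
        INSERT INTO handle VALUES (7, '+15555550199');
        INSERT INTO message VALUES (1, 7, 700000000000000000, 0, 'Hi from iOS');
    """)
    return con


def unified_timeline(con: sqlite3.Connection):
    """Normalize both sources to UTC datetimes and sort them into one timeline.
    Android sms.type 1 is inbox (received) and 2 is sent."""
    rows = []
    for address, date, typ, body in con.execute("SELECT address, date, type, body FROM sms"):
        rows.append({"ts": from_unix_ms(date), "source": "android_sms", "peer": address,
                     "direction": "sent" if typ == 2 else "received", "text": body})
    query = "SELECT h.id, m.date, m.is_from_me, m.text FROM message m JOIN handle h ON m.handle_id = h.ROWID"
    for handle, date, from_me, text in con.execute(query):
        rows.append({"ts": from_cocoa(date), "source": "ios_message", "peer": handle,
                     "direction": "sent" if from_me else "received", "text": text})
    rows.sort(key=lambda r: r["ts"])
    return rows


if __name__ == "__main__":
    for r in unified_timeline(build_sample_db()):
        print(r["ts"].isoformat(), r["source"], r["direction"], r["peer"], r["text"])
```

Always open the evidence copy read-only (`sqlite3.connect("file:msgstore.db?mode=ro", uri=True)`) and copy any `-wal` and `-shm` files alongside it, otherwise recent messages still in the write-ahead log are silently missing from the query results.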
- IDA Pro – Commercial disassembler and decompiler.
- Ghidra – NSA's open-source reverse engineering framework with a decompiler.
- Radare2 – Open-source binary analysis and reversing toolkit.
- PEStudio – Static triage of Windows executables for malware indicators (imports, strings, entropy).
- Detect It Easy (DIE) – Identifies compilers, packers and protectors.
- Cuckoo Sandbox – Automated malware sandbox (unmaintained; CAPEv2 is the active fork).
- Any.Run – Interactive cloud-based malware analysis.
- Joe Sandbox – Commercial malware sandbox.
- FakeNet-NG – Simulates network services so a sample's callbacks can be captured offline.
- Volatility – Extracts artifacts from RAM dumps.
- Rekall – Memory forensics and incident response.
- Belkasoft RAM Capturer – Captures live RAM on Windows.
- Process Hacker (now System Informer) – Inspects and manipulates processes, handles and memory.
- ProcMon (Process Monitor) – Tracks file, registry, process and network activity in real time.
- Regshot – Compares registry snapshots taken before and after execution.
- API Monitor – Logs API calls made by a process.
- YARA – Rule-based malware classification.
- FLOSS (FLARE Obfuscated String Solver) – Recovers obfuscated and stack strings from malware.
- Binwalk – Extracts and analyzes firmware images.
- VirusTotal – Multi-engine malware scanning (uploads are shared with vendors; look up the hash first for sensitive samples).
- Hybrid Analysis – Free cloud-based malware sandbox.
- MalShare – Public malware sample repository.
- urlscan.io – Analyzes suspicious URLs and records the resulting page, requests and redirects.
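Plain `strings` misses what FLOSS is built to recover: strings the sample XOR-encodes so they only appear in memory at runtime. The simplest decoding technique, brute-forcing every single-byte key over the whole file and keeping printable runs that contain a keyword worth seeing, is shown below as an added example (not code from this list or from the FLOSS project). The keyword list and the sample blob with its two encoded strings are constructed for the demonstration.

```python
import re

# Strings that, once decoded, betray C2 or execution behaviour (assumed list)
KEYWORDS = (b"http://", b"https://", b"cmd.exe", b"powershell", b".dll", b".exe")


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def recover_xor_strings(blob: bytes, min_len: int = 8, keywords=KEYWORDS):
    """Try every single-byte XOR key (key 0 is the plaintext pass) over the
    whole blob and keep printable runs that contain a keyword.

    The keyword filter is what suppresses the noise: a zero-filled region
    XORed with 0x41 decodes to a perfectly printable 'AAAA...' run, and a
    string encoded under one key is often still printable garbage under
    another. Returns hits sorted by offset with the key that decoded them."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    hits = []
    for key in range(256):
        decoded = xor_bytes(blob, key)
        for m in pattern.finditer(decoded):
            if any(k in m.group() for k in keywords):
                hits.append({"key": key, "offset": m.start(), "string": m.group().decode("ascii")})
    return sorted(hits, key=lambda h: h["offset"])


# Constructed sample: a PE-like stub, a plaintext import name, then a C2 URL
# XOR-encoded with 0x5a and a command line XOR-encoded with 0x7f, each
# NUL-terminated before encoding. 0xff padding stays non-printable under the
# two real keys, so runs start exactly at the encoded strings.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\xff" * 60
    + b"kernel32.dll\x00"                                              # offset 64, key 0
    + b"\xff" * 24
    + xor_bytes(b"http://198.51.100.23/stage2.bin", 0x5a) + b"\x5a"    # offset 101, key 0x5a
    + b"\xff" * 24
    + xor_bytes(b"cmd.exe /c whoami > %TEMP%\\o.txt", 0x7f) + b"\x7f"  # offset 157, key 0x7f
    + b"\xff" * 40
)


if __name__ == "__main__":
    for h in recover_xor_strings(SAMPLE_BLOB):
        print(f"key=0x{h['key']:02x} offset={h['offset']} {h['string']!r}")
```

Multi-byte keys and rolling keys defeat this pass; that is where FLOSS's emulation of the sample's own decoding routines, or a debugger breakpoint on the decoder, takes over.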
- AWS CloudTrail – Records API activity across AWS accounts.
- Amazon GuardDuty – Threat detection for AWS accounts and workloads.
- Google Cloud Logging – Collects audit and application logs from Google Cloud services.
- Azure Monitor – Tracks Azure activity logs and performance.
- Google Takeout – Extracts data from Google accounts (Drive, Gmail, etc.).
- AWS S3 Access Logs – Records object-level requests to S3 buckets.
- Azure Storage Analytics – Logs Azure Storage activity.
- Velociraptor – Open-source endpoint visibility and collection tool for hunting and forensics at scale.
- AWS EC2 Instance Metadata Service (IMDS) – Exposes instance identity, user data and IAM role credentials from inside an instance; a common credential-theft target and worth preserving during live response.
- Google Cloud Compute Disk Snapshots – Captures VM disk snapshots for offline investigation.
- Azure Disk Snapshots – Forensic acquisition of Azure managed disks via snapshots.
- Zeek (Bro) – Network monitoring for cloud environments (fed by traffic mirroring).
- AWS VPC Flow Logs – Captures AWS network flow metadata.
- Google VPC Flow Logs – Logs network flows in Google Cloud.
- Azure Network Watcher – NSG flow logs and packet capture in Azure.
- AWS IAM Access Analyzer – Identifies resources shared with external principals and unused permissions.
- Google Cloud Policy Analyzer – Answers which principals hold which permissions on which resources.
- Microsoft Entra ID (formerly Azure Active Directory) Audit and Sign-in Logs – Track identity-related activity.
- GRR Rapid Response – Google's remote live forensics framework for fleets of endpoints.
- AWS Security Hub – Centralized security findings for AWS.
- Google Security Operations (Chronicle) – Google's cloud-native SIEM and security analytics platform.
- Microsoft Sentinel (formerly Azure Sentinel) – Cloud-native SIEM for security monitoring.
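CloudTrail is where most AWS investigations start, and a handful of rules catch a large share of intrusions: trail tampering, new long-lived access keys, console brute force, and EC2 role credentials (the ones the IMDS hands out) being used from an address that is not the instance. The script below is an added example (not code from this list or from AWS) that runs those four checks over records shaped like CloudTrail's JSON; the records, the instance-to-IP map and the event list are constructed for the demonstration, and in practice the map comes from `DescribeInstances` at triage time.

```python
from collections import Counter

# Instance ID -> addresses it legitimately calls from (constructed; normally
# pulled from ec2:DescribeInstances when triage starts).
INSTANCE_IPS = {"i-0a1b2c3d4e5f67890": {"10.0.1.25", "203.0.113.42"}}

# API calls that reduce visibility; any of these deserves a look (assumed list)
EVASION_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors",
                  "DeleteFlowLogs", "DisableKey"}


def triage(records, instance_ips=INSTANCE_IPS, login_fail_threshold=3):
    alerts = []
    failed_logins = Counter()
    for r in records:
        name, src = r["eventName"], r.get("sourceIPAddress", "")
        ident = r.get("userIdentity", {})
        if name in EVASION_EVENTS:
            alerts.append({"rule": "logging-tampering", "event": name, "actor": ident.get("arn"), "src": src})
        if name == "CreateAccessKey":
            alerts.append({"rule": "new-access-key", "event": name, "actor": ident.get("arn"),
                           "for_user": r.get("requestParameters", {}).get("userName")})
        # The session name of an instance-profile role session is the instance ID, so
        # a call under that session from an IP the instance does not own means the
        # IMDS credentials were copied off the box.
        if ident.get("type") == "AssumedRole":
            session = ident.get("arn", "").rsplit("/", 1)[-1]
            if session in instance_ips and src not in instance_ips[session]:
                alerts.append({"rule": "instance-credential-exfiltration", "event": name,
                               "instance": session, "src": src})
        if name == "ConsoleLogin" and r.get("responseElements", {}).get("ConsoleLogin") == "Failure":
            failed_logins[src] += 1
    for src, n in failed_logins.items():
        if n >= login_fail_threshold:
            alerts.append({"rule": "console-bruteforce", "src": src, "failures": n})
    return alerts


def _rec(time, name, source, src_ip, identity, **extra):
    # Minimal CloudTrail-shaped record (only the fields the rules read)
    return {"eventTime": time, "eventName": name, "eventSource": source,
            "sourceIPAddress": src_ip, "userIdentity": identity, **extra}


_WEB_ROLE = {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0a1b2c3d4e5f67890"}
_DEPLOY = {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/deploy"}
_ALICE = {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}

# Constructed records: normal instance activity, then the same role session
# used from an outside IP, trail stopped, a key minted, and three failed logins.
SAMPLE_RECORDS = [
    _rec("2024-03-05T10:00:01Z", "DescribeInstances", "ec2.amazonaws.com", "10.0.1.25", _WEB_ROLE),
    _rec("2024-03-05T10:07:44Z", "ListBuckets", "s3.amazonaws.com", "198.51.100.77", _WEB_ROLE),
    _rec("2024-03-05T10:09:12Z", "StopLogging", "cloudtrail.amazonaws.com", "198.51.100.77", _DEPLOY,
         requestParameters={"name": "org-trail"}),
    _rec("2024-03-05T10:10:03Z", "CreateAccessKey", "iam.amazonaws.com", "198.51.100.77", _DEPLOY,
         requestParameters={"userName": "backup-svc"}),
] + [
    _rec(f"2024-03-05T11:0{i}:00Z", "ConsoleLogin", "signin.amazonaws.com", "192.0.2.9", _ALICE,
         responseElements={"ConsoleLogin": "Failure"}) for i in range(3)
]


if __name__ == "__main__":
    for a in triage(SAMPLE_RECORDS):
        print(a)
```

Real trails arrive as gzipped JSON objects in S3 with a top-level `Records` list; load each file and pass `data["Records"]` straight into `triage`. GuardDuty's `UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration` finding covers the third rule in managed form, but the check is cheap enough to run yourself on historical logs.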
- MHA (Message Header Analyzer) – Microsoft's online tool for parsing email headers and the Received chain.
- MXToolbox – Header analyzer plus DNS lookups for MX, SPF, DKIM and DMARC records.
- Wireshark – Packet capture and dissection of SMTP, IMAP and POP3 traffic.
- EmailTracer – Python tool to extract and analyze email headers.
- ExifTool – Extracts metadata from email files (.eml, .msg) and their attachments.
- Xplico – Reconstructs emails from network traffic captures.
- Log2Timeline (Plaso) – Creates timelines from mailbox files and system logs.
- MailXaminer – Commercial email forensic investigation tool.
- Forensic Email Collector – Collects cloud mailboxes (Gmail, Microsoft 365, IMAP) in a forensically sound way.
- PhishTool – Analyzes email headers and content to identify phishing.
- VirusTotal – Scans email attachments and URLs for malware.
- YARA – Detects patterns in malicious emails and attachments.
- Mail Viewer – Views and extracts data from .eml and .msg files.
- Aid4Mail – Converts, searches and analyzes email data.
- Kernel Email Recovery – Recovers deleted or corrupted email data.
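What the header analyzers above do by hand can be scripted with the standard library: walk the `Received` chain bottom-up to find the first hop, read the receiving server's `Authentication-Results` for SPF/DKIM/DMARC, and compare the envelope sender with the visible `From`. Below is an added example (not code from this list or from any of those tools) that does this for a constructed phishing `.eml`; the message and the list of "failing" results are assumptions for the demonstration.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")
FAILING = {"fail", "softfail", "permerror", "temperror"}


def analyze_headers(raw: bytes) -> dict:
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    # Each hop prepends its own Received header, so the last one in the list is
    # the first hop: the server that accepted the message from the sender.
    received = [str(h) for h in msg.get_all("Received", [])]
    hop_ips = [m.group(1) for h in received for m in [IP_RE.search(h)] if m]
    # Only trust Authentication-Results stamped by your own MX; the first match
    # per mechanism is kept, as the top-most header is the latest hop's.
    auth = {}
    for h in msg.get_all("Authentication-Results", []):
        for mech, result in AUTH_RE.findall(str(h)):
            auth.setdefault(mech.lower(), result.lower())
    from_addr = parseaddr(str(msg.get("From", "")))[1]
    return_path = parseaddr(str(msg.get("Return-Path", "")))[1]
    from_domain = from_addr.rsplit("@", 1)[-1].lower() if "@" in from_addr else ""
    rp_domain = return_path.rsplit("@", 1)[-1].lower() if "@" in return_path else ""
    mismatch = bool(from_domain and rp_domain and from_domain != rp_domain)
    reasons = [f"{m}={auth[m]}" for m in ("spf", "dkim", "dmarc") if auth.get(m) in FAILING]
    if mismatch:
        reasons.append("envelope-from mismatch")
    body = msg.get_body(preferencelist=("plain",))
    urls = URL_RE.findall(body.get_content()) if body is not None else []
    return {
        "origin_ip": hop_ips[-1] if hop_ips else None,
        "hops": list(reversed(hop_ips)),          # origin first
        "spf": auth.get("spf"), "dkim": auth.get("dkim"), "dmarc": auth.get("dmarc"),
        "from_domain": from_domain, "return_path_domain": rp_domain,
        "envelope_mismatch": mismatch, "reasons": reasons, "urls": urls,
    }


# Constructed phishing message: bulk-mailer infrastructure spoofing a bank's From
SAMPLE_EML = b"""Return-Path: <bounce@bulk-mailer.example.net>
Received: from mx1.corp.example (mx1.corp.example [192.0.2.10])
 by mail.corp.example with ESMTP id 7f3a1c; Tue, 5 Mar 2024 10:15:02 +0000
Received: from relay.bulk-mailer.example.net (relay.bulk-mailer.example.net [198.51.100.77])
 by mx1.corp.example with ESMTPS id 91bb0e; Tue, 5 Mar 2024 10:15:01 +0000
Authentication-Results: mx1.corp.example;
 spf=fail (sender IP is 198.51.100.77) smtp.mailfrom=bulk-mailer.example.net;
 dkim=none header.d=none; dmarc=fail action=quarantine header.from=bank.example
From: "Bank Security" <alerts@bank.example>
To: victim@corp.example
Subject: Urgent: verify your account
Date: Tue, 5 Mar 2024 10:14:58 +0000
Message-ID: <20240305101458.4421@bulk-mailer.example.net>
Content-Type: text/plain; charset=utf-8

Your account has been locked. Visit http://bank-example.verify-login.example/ to restore access.
"""


if __name__ == "__main__":
    for k, v in analyze_headers(SAMPLE_EML).items():
        print(f"{k}: {v}")
```

Received headers below your own MX can be forged by the sender, so the origin IP is only as trustworthy as the first hop you control; the `Authentication-Results` line from your MX, not any the sender supplied, is the one to read.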
Hello, Hacker! We'd love to stay connected with you. Reach out to us on any of these platforms and let's build something amazing together:
Website: https://yogsec.github.io/yogsec/
Linktree: https://linktr.ee/yogsec
GitHub: https://github.com/yogsec
LinkedIn (Company): https://www.linkedin.com/company/yogsec/
Instagram: https://www.instagram.com/yogsec.io/
Twitter (X): https://x.com/yogsec
Personal LinkedIn: https://www.linkedin.com/in/cybersecurity-pentester/
Email: [email protected]
Support Us Here: https://buymeacoffee.com/yogsec