@amulifts
Last active May 8, 2023 04:16
All the Tools That I Use

Disk Imaging and Analysis

| Name | Description |
| --- | --- |
| Autopsy | Recovers deleted files and analyzes disk images and other digital media; free, with a user-friendly GUI; built on The Sleuth Kit and interoperable with other forensic tools |
| FTK Imager | Creates forensic images of hard drives and other media and records verification hashes (MD5/SHA1) of the acquisition; widely used by law enforcement; can also browse an image and export individual files such as registry hives |
| Magnet Axiom | Commercial suite that recovers data from smartphones, computers and other digital devices; advanced features such as cloud analysis and artifact recovery |
| EnCase | Commercial tool for recovering and examining evidence from seized hard drives |

Network Analysis

| Name | Description |
| --- | --- |
| Wireshark | Network protocol analyzer used for forensic analysis of network traffic; captures live traffic or opens saved captures and dissects hundreds of protocols; also useful for identifying and troubleshooting network issues; open source and free |

Registry Analysis

| Name | Description |
| --- | --- |
| RegRipper | Plugin-based command line tool for extracting information from Windows Registry hive files |
| AccessData Registry Viewer | GUI tool for viewing Windows Registry hive files, including protected areas not visible in the live Registry Editor |

Hex Editors

| Name | Description |
| --- | --- |
| HxD | Hex editor for binary files; views and edits raw data (files, disks, memory) in hexadecimal |
| Quickhash-GUI | Hashes text strings, files and whole folders of files; compares two files or two folders, and can copy a folder while hashing source and destination; also handles Base64 encoding and decoding |
| FileAlyzer | Shows detailed information about a file (size, version number, timestamps, headers and other metadata) and can display its contents in hexadecimal |
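Hash verification is the thread that ties the imaging tools above (an acquisition hash recorded at imaging time) to Quickhash-GUI (hashing files and comparing folders). The following Python example is added here and is not code from any of these tools; it shows the same workflow in code: hash data once in chunks for several algorithms, verify an image against its recorded acquisition hash, and diff two folders by content. The file contents (`ORIGINAL`, `COPY`) are constructed in memory; `hash_path` and `hash_folder_on_disk` read real files if you point them at evidence.

```python
import hashlib
import os
from typing import Dict, Iterable, List, Tuple

ALGORITHMS = ("md5", "sha1", "sha256")

# Constructed sample data: two copies of an evidence folder. In the copy the
# last byte of image.dd has been flipped, as a bad transfer would do.
ORIGINAL: Dict[str, bytes] = {
    "evidence/notes.txt": b"case 2023-001, acquired with FTK Imager\n",
    "evidence/image.dd": bytes(range(256)) * 16,
}
COPY: Dict[str, bytes] = {
    "evidence/notes.txt": ORIGINAL["evidence/notes.txt"],
    "evidence/image.dd": ORIGINAL["evidence/image.dd"][:-1] + b"\xFE",
}


def hash_chunks(chunks: Iterable[bytes], algorithms=ALGORITHMS) -> Dict[str, str]:
    """Feed every chunk to all hashers in one pass, so a large image is read only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes, algorithms=ALGORITHMS) -> Dict[str, str]:
    return hash_chunks([data], algorithms)


def hash_path(path: str, algorithms=ALGORITHMS, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file on disk in 1 MiB chunks (for real evidence; not exercised by the sample data)."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return hash_chunks(chunks(), algorithms)


def verify_image(data: bytes, expected: str, algorithm: str = "sha256") -> bool:
    """Compare an image's hash with the acquisition hash recorded by the imaging tool."""
    actual = hash_bytes(data, (algorithm,))[algorithm]
    return actual.lower() == expected.lower()


def hash_folder(files: Dict[str, bytes], algorithm: str = "sha256") -> Dict[str, str]:
    """Map relative path -> hex digest for an in-memory folder."""
    return {rel: hash_bytes(data, (algorithm,))[algorithm] for rel, data in files.items()}


def hash_folder_on_disk(root: str, algorithm: str = "sha256") -> Dict[str, str]:
    """Same as hash_folder, but walks a real directory tree."""
    result: Dict[str, str] = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = hash_path(full, (algorithm,))[algorithm]
    return result


def compare_folders(a: Dict[str, str], b: Dict[str, str]) -> Tuple[List[str], List[str], List[str]]:
    """Return (matching, differing, missing) relative paths for two hash_folder() results."""
    matching = sorted(p for p in a if p in b and a[p] == b[p])
    differing = sorted(p for p in a if p in b and a[p] != b[p])
    missing = sorted(set(a) ^ set(b))  # present on only one side
    return matching, differing, missing


if __name__ == "__main__":
    acquisition = hash_bytes(ORIGINAL["evidence/image.dd"])
    print("acquisition hashes:", acquisition)
    print("copy verifies:", verify_image(COPY["evidence/image.dd"], acquisition["sha256"]))
    print("folder diff (matching, differing, missing):",
          compare_folders(hash_folder(ORIGINAL), hash_folder(COPY)))
```

Computing all three digests in one pass matters on multi-hundred-gigabyte images: reading the image once per algorithm is what makes naive verification slow, and the MD5 is still worth keeping because that is what older acquisition logs record.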

Date/Time Conversion

| Name | Description |
| --- | --- |
| DCode | Converts raw timestamp values found in artifacts (Windows FILETIME, Unix epoch, WebKit/Chrome, Apple and other formats) into human-readable dates, and back; useful when a value's encoding is not known in advance |
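What DCode does by hand is, in code, a handful of epoch-and-unit conversions. The Python example below is added here and is not DCode's code; it converts Windows FILETIME (100 ns ticks since 1601, as stored in the MFT, registry, prefetch and LNK files), Unix seconds and milliseconds, WebKit/Chrome microseconds and Apple Cocoa seconds, and `candidate_decodings` does the "which format is this?" step by trying each interpretation and keeping the ones that land in a plausible date range. The 1990 to 2040 window is an assumption of this example, not a rule.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict

# Epochs of the timestamp formats handled here.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)   # Windows FILETIME, WebKit/Chrome
EPOCH_1970 = datetime(1970, 1, 1, tzinfo=timezone.utc)   # Unix
EPOCH_2001 = datetime(2001, 1, 1, tzinfo=timezone.utc)   # Apple Cocoa / CFAbsoluteTime
# 100 ns ticks between 1601-01-01 and 1970-01-01 (0x019DB1DED53E8000).
FILETIME_UNIX_OFFSET = 116444736000000000


def filetime_to_datetime(ticks: int) -> datetime:
    """Windows FILETIME: 100 ns intervals since 1601-01-01 UTC.
    The sub-microsecond digit is dropped because datetime resolves to microseconds."""
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime, done in integers to avoid float rounding."""
    delta = dt.astimezone(timezone.utc) - EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def filetime_bytes_to_datetime(raw: bytes) -> datetime:
    """FILETIME as it sits on disk: 8 bytes, little-endian (registry values, MFT entries)."""
    if len(raw) != 8:
        raise ValueError("FILETIME is exactly 8 bytes")
    return filetime_to_datetime(int.from_bytes(raw, "little"))


def unix_to_datetime(value: int) -> datetime:
    return EPOCH_1970 + timedelta(seconds=value)


def unix_ms_to_datetime(value: int) -> datetime:
    return EPOCH_1970 + timedelta(milliseconds=value)


def webkit_to_datetime(value: int) -> datetime:
    """WebKit/Chrome: microseconds since 1601-01-01 UTC (Chrome History and Cookies databases)."""
    return EPOCH_1601 + timedelta(microseconds=value)


def cocoa_to_datetime(value: float) -> datetime:
    """Apple Cocoa / CFAbsoluteTime: seconds since 2001-01-01 UTC."""
    return EPOCH_2001 + timedelta(seconds=value)


# Assumed plausibility window for guessing an unknown format.
PLAUSIBLE_RANGE = (datetime(1990, 1, 1, tzinfo=timezone.utc),
                   datetime(2040, 1, 1, tzinfo=timezone.utc))


def candidate_decodings(value: int) -> Dict[str, datetime]:
    """Try every format on a raw integer; keep the readings that fall in PLAUSIBLE_RANGE.
    Interpretations that overflow datetime (e.g. a FILETIME read as Unix seconds) are skipped."""
    attempts = {
        "unix_seconds": unix_to_datetime,
        "unix_milliseconds": unix_ms_to_datetime,
        "windows_filetime": filetime_to_datetime,
        "webkit_microseconds": webkit_to_datetime,
        "cocoa_seconds": cocoa_to_datetime,
    }
    found: Dict[str, datetime] = {}
    for name, convert in attempts.items():
        try:
            dt = convert(value)
        except (OverflowError, ValueError):
            continue
        if PLAUSIBLE_RANGE[0] <= dt < PLAUSIBLE_RANGE[1]:
            found[name] = dt
    return found


if __name__ == "__main__":
    for raw in (1555526400, 132000000000000000, 13200000000000000):
        print(raw, {k: v.isoformat() for k, v in candidate_decodings(raw).items()})
```

Every function returns an aware UTC datetime; convert to local time only at the reporting stage, and say which zone you used, because a FILETIME-versus-Unix mix-up shifts a timeline by centuries while a zone mix-up shifts it by hours and is far easier to miss.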

Webpage and Website Downloaders

| Name | Description |
| --- | --- |
| HTTrack | Downloads a complete website to local disk for offline examination |

RAM Capture

| Name | Description |
| --- | --- |
| Magnet RAM Capture | Free tool for capturing the physical memory of a live Windows system to a file |

Memory Forensics

| Name | Description |
| --- | --- |
| Volatility | Open source command line framework for analyzing memory captures (processes, network connections, injected code, and more) |

Print Spool Analysis

| Name | Description |
| --- | --- |
| SPLView | Views Windows print spool (.spl) files, so the content of printed documents can be recovered |

Disk Image Mounting

| Name | Description |
| --- | --- |
| Arsenal Image Mounter | Mounts disk images as complete disks on Windows, so the mounted volumes can be examined with other tools |

Prefetch Analysis

| Name | Description |
| --- | --- |
| PECmd | Eric Zimmerman's command line parser for Windows prefetch (.pf) files: executable name, run count, last run times and files referenced, including compressed Windows 10 prefetch files |

Artifact Parsing and Extraction

| Name | Description |
| --- | --- |
| KAPE | Eric Zimmerman's Kroll Artifact Parser and Extractor: collects forensic artifacts from a live system or mounted image using target definitions, then runs parsing modules over them |

Incident Response / Incident Analysis

| Name | Description |
| --- | --- |
| FireEye Redline | Free endpoint tool for live response and host investigation: collects memory and file-system data from a host, lets the analyst hunt for signs of malicious activity through memory and file analysis, and builds a threat assessment profile |