| Tools | Description |
| --- | --- |
| Binwalk | It is a tool for searching a given binary image for embedded files and executable code. |
| bulk-extractor | Without parsing file systems, it extracts information such as e-mail addresses, credit card numbers, URLs, and other types of details from digital evidence files. |
| Capstone | It is a framework used for binary analysis and reversing. It supports multiple hardware architectures and provides semantics of the disassembled instruction. |
| chntpw | It is used to view information and change user passwords in a Windows NT/2000 user database file. |
| Cuckoo | It is a malware analysis system that can provide details about the suspicious files you ask it about. |
| dc3dd | It is a patched version of GNU dd with added features for computer forensics. |
| ddrescue | It duplicates data from one file or block device to another specified file or block device. |
| DFF | DFF stands for Digital Forensic Framework. It is used to quickly and easily collect, preserve, and reveal digital evidence without compromising systems and data. |
| diStorm3 | It is a lightweight, easy-to-use, and fast decomposer library that can disassemble binary code, for example a staged reverse shell generated by msfpayload. |
| Dumpzilla | Dumpzilla is a tool that extracts all forensically relevant information from Firefox, Iceweasel, and SeaMonkey browsers for analysis. |
| extundelete | This tool is used to recover deleted files from an ext3/ext4 file system partition. |
| Foremost | It is a forensic tool to recover lost files based on their headers, footers, and internal data structures. |
| Galleta | It is a forensic tool that examines the content of cookies produced by Internet Explorer. |
| Guymager | It is a free forensic imager for media access. It generates flat, EWF, and AFF images and supports disk cloning. |
| iPhone Backup Analyzer | It is a backup utility designed to browse easily through the backup folder of an iPhone. |
| p0f | It is a traffic fingerprinting mechanism to identify the process behind any incidental TCP/IP communications without disturbing the process in any way. |
| Pdf-parser | It is used to parse a PDF document to identify the fundamental elements used in the analysed file. |
| pdfid | It scans a file to look for certain PDF keywords, allowing you to identify PDF documents that contain JavaScript. |
| pdgmail | It extracts Gmail artefacts from a pd process memory dump. |
| peepdf | It is a PDF analysis tool used to explore PDF files in order to find out whether the file can be harmful or not. |
| RegRipper | It extracts information from the Windows registry and presents it for analysis. |
| Volatility | It is a memory forensic analysis platform that extracts digital artefacts from RAM samples. |
| Xplico | It is a network forensic analysis tool that extracts application data from internet traffic. |