Tools

Here is a list of tools I carry in my USB toolkit. I will continuously add more as I come across tools that work better for specific artifacts or situations. Listed in alphabetical order:

Tools:

• Andriller CE - Android artifact and DB parser
• Arsenal Image Mounter - Forensic image mounting tool
• Autopsy - Free full forensic suite
• Autopsy Plugins - extra plugins by Mark McKinnon, great addition for parsing more artifacts
• BriMor Labs LRC (Cedarpelta) - automated triage and collection kit
• DB Browser for SQLite - one of the best free SQLite viewers
• ESE Analyst - parses ESE databases, I mostly use for SRUM parsing
• ExifTool - file EXIF extractor
• EZ Tools - includes Shellbags, Jumplist, MFT, Registry parsers and so much more
• FTK Imager - forensic imaging tool and image viewer
• Hindsight - Chrome browser parser
• KAPE - triage and artifact parser
• M.E.A.T. - mobile device collection tool
• Magnet ACQUIRE - acquisition tool for computers and mobile devices
• Magnet Encrypted Disk Detector - disk encryption checker
• Magnet RAM Capture - memory collection
• Network Miner - network forensic analysis
• Nirsoft NirLauncher - suite of individual IT and forensic tools
• PE Studio - quick malware analysis triage
• PPEE (Puppy) - PE file analyzer
• RegRipper - registry file parser
• Rufus USB - creates bootable USB drives
• ShadowExplorer - volume shadow copy analysis
• Sysinternals - suite of Windows analysis tools
• USB Detective - USB device parser from registry and other related artifacts
• Volatility / Volatility Workbench - RAM/memory analysis
• Wireshark - packet capture and network analysis
• WizTree - disk space analyzer

Linux Distros:

• CAINE
• CSI Linux Investigator
• Kali
• SANS SIFT
• Tsuguri

More:
DFIR Training - https://www.dfir.training/dfirtools