Here is a list of the tools I carry in my USB toolkit. I will keep adding to it as I come across tools that work better for specific artifacts or situations. Listed in alphabetical order:
DFIR Training - https://www.dfir.training/dfirtools
Tools:
- Andriller CE - Android artifact and DB parser
- Arsenal Image Mounter - Forensic image mounting tool
- Autopsy - Free full forensic suite
- Autopsy Plugins - extra plugins by Mark McKinnon, great addition for parsing more artifacts
- BriMor Labs LRC (Cedarpelta) - automated triage and collection kit
- DB Browser for SQLite - one of the best free SQLite viewers
- ESE Analyst - parses ESE (Extensible Storage Engine) databases; I mostly use it for SRUM parsing
- ExifTool - file metadata (EXIF, IPTC, XMP) extractor
- EZ Tools - Eric Zimmerman's tools: ShellBags, JumpList, MFT and Registry parsers, and much more
- FTK Imager - forensic imaging tool and image viewer
- Hindsight - Chrome/Chromium browser history parser
- KAPE - Kroll Artifact Parser and Extractor; triage collection and artifact parsing
- M.E.A.T. - mobile device collection tool
- Magnet ACQUIRE - acquisition tool for computers and mobile devices
- Magnet Encrypted Disk Detector - disk encryption checker
- Magnet RAM Capture - memory collection
- NetworkMiner - network forensic analysis (passive PCAP parsing)
- Nirsoft NirLauncher - suite of individual IT and forensic tools
- PE Studio - quick malware analysis triage
- PPEE (Puppy) - PE file analyzer
- RegRipper - registry file parser
- Rufus - creates bootable USB drives
- ShadowExplorer - browses and extracts files from Volume Shadow Copies
- Sysinternals - suite of Windows analysis tools
- USB Detective - USB device parser from registry and other related artifacts
- Volatility / Volatility Workbench - memory (RAM) analysis framework and its GUI front end
- Wireshark - packet capture and network analysis
- WizTree - disk space analyzer
Linux Distros:
More: DFIR Training - https://www.dfir.training/dfirtools