Digital Forensics Tools
DFIR tooling grouped by discipline.
Open Source Tools
CAINE — Linux forensics live distro.
Binwalk — Firmware / file carving & analysis.
Magicrescue — File carving by magic bytes.
Scalpel — Fast file carver.
Scrounge-ntfs — NTFS data recovery.
Autopsy — GUI for The Sleuth Kit.
The Sleuth Kit — Disk & filesystem analysis.
Wireshark — Network protocol analyzer.
Volatility — Memory (RAM) analysis framework.
Ddrescue — Data recovery / disk cloning.
Mobile Verification Toolkit — Spyware traces on mobile.
Proprietary Tools
Magnet Axiom — All-in-one forensic suite.
ProDiscover — Disk forensics & imaging.
OSForensics — Windows artifact analysis.
Belkasoft Evidence Center X — Multi-source evidence suite.
EnCase — Industry-standard forensic suite.
FTK — Forensic Toolkit (AccessData).
X-Ways Forensics — Lightweight forensic workstation.
Oxygen Forensic Suite — Mobile & cloud extraction.
AccessData Forensic Toolkit — Disk imaging & analysis.
Mobile Forensics Tools
Magnet ACQUIRE — Mobile / device acquisition.
Oxygen Forensic Suite — Mobile & cloud extraction.
Mobile Verification Toolkit — Spyware traces on mobile.
Elcomsoft iOS Forensic Toolkit — iOS acquisition & decryption.
Belkasoft Evidence Center X — Multi-source evidence suite.
Cellebrite UFED — Industry mobile extraction.
Oxygen Forensic Detective — Advanced mobile analytics.
MOBILedit Forensic Express — Phone data extraction.
Autopsy — GUI forensic platform.
Andriller — Android extraction & decoding.
Network Forensics Tools
Wireshark — Packet capture & analysis.
TCPDump — CLI packet capture.
Tshark — Wireshark CLI engine.
Xplico — Network traffic reconstruction.
Security Onion — Network monitoring distro.
Snort — Intrusion detection (IDS).
Bro — Network analysis (now Zeek).
NetworkMiner — Passive network forensics.
Memory Forensics Tools
AccessData FTK Imager — RAM / disk imaging.
Belkasoft RAM Capturer — Memory dump tool.
MemDump — Memory dumping utility.
Hibernation Recon — Parse hiberfil.sys.
WindowsSCOPE — Memory analysis & reverse.
Volatility — Memory analysis framework.
Volatility Workbench — GUI for Volatility.
Mandiant Redline — Host memory / IOC analysis.
DumpIt — One-click RAM dump.
MAGNET RAM Capture — Free memory capture.
Live Forensics Tools
OSForensics — Live Windows triage.
Kali Linux Forensics Mode — Non-altering live boot.
F-Response — Remote live access.
EnCase Live — Live response module.
Disk Imaging Tools
dc3dd — Enhanced dd for forensics.
X-Ways Imager — Disk imaging tool.
Linux dd — Raw disk copy.
Guymager — Fast GUI imager.
FTK Imager — Imaging & preview.
OSFClone — Bootable cloning / imaging.
EnCase Imager — EnCase imaging tool.
GetData Forensic Imager — Free disk imager.
WinHex — Hex editor & disk tool.
File Analysis Tools
AnalyzePESig — PE signature analysis.
Pdfid — PDF object / structure scan.
Pdf-parser — Parse PDF internals.
TrID — Identify file types.
ExifTool — Read / write metadata.
OfficeMalScanner — Scan Office malware.
PDF Stream Dumper — Analyze malicious PDFs.
Steganography Tools
Outguess — Hide / detect data in images.
SilentEye — GUI steganography tool.
Stegdetect — Detect hidden JPEG data.
StegoSuite — Java steganography suite.
OpenStego — Embed & watermark data.
Data Recovery Tools
PhotoRec — File recovery by carving.
TestDisk — Partition / boot recovery.
Stellar Data Recovery — Commercial recovery suite.
Recuva — Windows file recovery.
GetDataBack — NTFS / FAT recovery.
EaseUS Data Recovery Wizard — GUI recovery tool.
Cloud Forensics Tools
CloudBerry Backup — Cloud backup tool.
Docker Explorer — Inspect Docker artifacts.
Magnet AXIOM Cloud — Cloud data acquisition.
UFED Cloud Analyzer — Cellebrite cloud extraction.
MSAB XRY Cloud — Cloud data extraction.
Amazon Web Services (AWS) CLI — AWS command-line access.
Azure CLI — Azure command-line access.
Microsoft Office 365 eDiscovery Export Tool — M365 evidence export.
Google Cloud SDK — GCP command-line tools.
CloudBacko Pro — Cloud / local backup.
Browser/Internet Forensics
ChromeCacheView — Read Chrome cache.
MZCacheView — Read Firefox cache.
WebCacheImageInfo — Cached image metadata.
MyLastSearch — Recover search queries.
NirSoft Web Browser Tools — Browser artifact utilities.
BrowsingHistoryView — Cross-browser history.
Sysinternals Strings — Extract strings from files.
Magnet Axiom — All-in-one forensic suite.
OSForensics — Windows artifact analysis.
IOC Forensics
Maltego — OSINT link analysis.
ThreatConnect — Threat intel platform.
AutoFocus — Palo Alto threat intel.
Cuckoo Sandbox — Automated malware sandbox.
Enforcement Toolkit — IOC enforcement utilities.
Registry Forensics
RecentFileCacheParser — Parse RecentFileCache.
Eric Zimmerman's tools — Renowned forensic utilities.
regshot — Registry snapshot / diff.
RegRipper — Registry data extraction.
AmcacheParser — Parse Amcache.hve.
ShellBags Explorer — Analyze ShellBags.
Email Forensics
MailXaminer — Email investigation suite.
MailPro+ — Email viewer / analyzer.
Autopsy — GUI forensic platform.
eMailTrackerPro — Trace email headers.
Aid4Mail — Email conversion / forensics.
Xtraxtor — Email / data extraction.
Malware Analysis
IDA Pro — Disassembler & debugger.
Process Monitor — Real-time system activity.
Yara — Pattern-based malware rules.
Cuckoo Sandbox — Automated malware sandbox.
rkhunter — Rootkit scanner (Linux).
Qu1cksc0pe — All-in-one static analysis.
VirusTotal — Online multi-engine scan.
Hybrid Analysis — Free malware sandbox.
Compiled from the “Digital Forensics Tools” chart by Hacking Articles (Ignite Technologies).