Forensic Tools
chkrootkit
chkrootkit is a shell script that checks system binaries for rootkit modification. 45 rootkits, worms and LKMs are currently detected. The following tests are made: aliens asp bindshell lkm rexedcs sniffer wted scalper slapper z2 amd basename biff chfn chsh ...
Rootkit ID project
The CyberAbuse Rootkit ID project consists of a software tool and a database that let a Unix user detect rootkit files on their machine. The software compares the SHA-1 checksums of the files on the Unix machine with the checksums held in the project's database. If the ...
Foremost
Foremost is a Linux program to recover files based on their headers and footers. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers are specified by a configuration file, ...
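The header/footer technique Foremost uses is simple enough to show in full. The script below is an added example, not Foremost's own code: Foremost reads its signature table from a configuration file, whereas the table here is constructed for the example, and the "disk image" it scans is built in memory so it runs offline.

```python
"""Header/footer file carver in the style of Foremost (added example)."""

# name -> (header, footer, maximum carve size in bytes). Constructed for this
# example; the footer is only searched within max_size of the header so a
# missing footer cannot swallow the rest of the image.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 20 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 20 * 1024 * 1024),
    "pdf": (b"%PDF-", b"%%EOF", 50 * 1024 * 1024),
}


def carve(image: bytes, signatures=SIGNATURES):
    """Return [(type, offset, data), ...] for every header/footer pair found.

    Operates on the raw bytes of an image (what dd produces) without any
    file-system metadata, which is why carving can recover deleted files.
    """
    found = []
    for name, (header, footer, max_size) in signatures.items():
        pos = 0
        while (start := image.find(header, pos)) != -1:
            limit = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), limit)
            if end == -1:
                # Header with no footer inside the size limit: skip it and
                # keep scanning from the next byte.
                pos = start + 1
                continue
            end += len(footer)
            found.append((name, start, image[start:end]))
            pos = end
    found.sort(key=lambda hit: hit[1])
    return found


def build_sample_image() -> bytes:
    """Constructed 'dd' image: zero-filled sectors with a JPEG and a PDF
    embedded, plus a stray JPEG header that has no footer."""
    sector = b"\x00" * 512
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-sample-body" + b"\xff\xd9"
    pdf = b"%PDF-1.4\n1 0 obj<<>>endobj\n%%EOF"
    return sector + jpg + sector + pdf + sector + b"\xff\xd8\xff" + sector


if __name__ == "__main__":
    for kind, offset, data in carve(build_sample_image()):
        print(f"{kind} at offset {offset}: {len(data)} bytes")
```

Two caveats a practitioner should keep in mind: a plain footer search stops at the first footer, so a JPEG that carries an EXIF thumbnail (which has its own FFD9) is cut short, and a file fragmented across non-contiguous sectors cannot be reassembled from headers and footers alone. Foremost's per-type size limits reduce the damage from false-positive headers in random data but do not solve either problem.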
md5deep
md5deep is a cross-platform program to compute MD5 message digests on an arbitrary number of files. The program is known to run on Windows, Linux, FreeBSD, OS X, Solaris, and should run on most other platforms. md5deep is similar to the md5sum program fou ...
PMDump
PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process. This can be useful in a forensic investigation.
PowerControls
Ontrack PowerControls 1.1 is a powerful tool for copying and searching mailbox data directly from an un-mounted Exchange database (.edb) file. It lets you restore single mailboxes, individual folders, or any number of messages and attachments to any mailb ...
GNU Parted
GNU Parted is a program for creating, destroying, resizing, checking and copying partitions, and the file systems on them. This is useful for creating space for new operating systems, reorganising disk usage, copying data between hard disks and disk imagi ...
gpart
Gpart is a tool which tries to guess the primary partition table of a PC-type hard disk in case the primary partition table in sector 0 is damaged, incorrect or deleted. The guessed table can be written to a file or device. Supported (guessable) filesyste ...
mac-robber
mac-robber is a digital investigation tool that collects data from allocated files in a mounted file system. This is useful during incident response when analyzing a live system or when analyzing a dead system in a lab. The data can be used by the mactime ...
WinHex
Features include: Disk editor for hard disks, floppy disks, CD-ROM & DVD, ZIP, Smart Media, Compact Flash memory cards, and more. FAT12, FAT16, FAT32, NTFS, CDFS. RAM editor, providing access to other processes' virtual memory. Data interpreter, knowin ...
IDA Pro Disassembler
Features include: IDA Pro is programmable through a built-in C-like language. IDA offers an open plugin architecture; its PE debugger is itself nothing more than a plugin. Multiple processors: the same interface and features for dozens of processors. 80x86 Windo ...
OllyDbg
OllyDbg is a 32-bit assembler-level analysing debugger for Microsoft Windows. Its emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is shareware, but you can download and use it for free. Special hig ...
knowngoods
The web interface is fairly straightforward: point your favourite web browser here, choose an OS and enter an application name or the full path to the file. knowngoods.org/search.php can be used to search for any file in the database. This includes executabl ...
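The Rootkit ID project, md5deep and knowngoods all rest on one technique: hash the files on a system and compare the digests against a known-good set. The script below is an added example and not the code of any of those three projects. It builds the known-good set from a constructed directory before a simulated compromise, writes it in the two-column "hash  path" layout that md5deep prints, and then classifies every file as matching, modified, unknown or missing; a real baseline would come from a hash database or from hashing a trusted install of the same build.

```python
"""Known-good hash comparison (added example; constructed sample tree)."""
import hashlib
import tempfile
from pathlib import Path


def digest_file(path, algorithm="sha1") -> str:
    """Hex digest of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root, algorithm="sha1") -> dict:
    """Relative path -> digest for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): digest_file(p, algorithm)
            for p in sorted(root.rglob("*")) if p.is_file()}


def format_manifest(hashes) -> str:
    """Render a hash set in the 'hash  path' (two-space) layout md5deep prints."""
    return "\n".join(f"{digest}  {path}" for path, digest in sorted(hashes.items()))


def parse_manifest(text) -> dict:
    """Parse the two-column layout back into a dict, ignoring blank lines."""
    hashes = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split("  ", 1)
            hashes[path] = digest
    return hashes


def compare_to_known_good(root, known_good, algorithm="sha1") -> dict:
    """Classify each file as match, modified (digest differs), unknown (not in
    the known-good set) or missing (in the set but absent on disk)."""
    current = hash_tree(root, algorithm)
    result = {"match": [], "modified": [], "unknown": [], "missing": []}
    for path, digest in current.items():
        if path not in known_good:
            result["unknown"].append(path)
        elif known_good[path] != digest:
            result["modified"].append(path)
        else:
            result["match"].append(path)
    result["missing"] = sorted(p for p in known_good if p not in current)
    return result


def demo() -> dict:
    """Constructed scenario: baseline three 'binaries', then simulate a rootkit
    that trojans ps, drops a new file and deletes netstat."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        for name in ("ls", "ps", "netstat"):
            body = b"#!/bin/sh\necho original " + name.encode() + b"\n"
            (root / "bin" / name).write_bytes(body)
        manifest = format_manifest(hash_tree(root))      # the known-good set
        (root / "bin" / "ps").write_bytes(b"#!/bin/sh\necho hides processes\n")
        (root / "bin" / "kit").write_bytes(b"#!/bin/sh\necho dropped by attacker\n")
        (root / "bin" / "netstat").unlink()
        return compare_to_known_good(root, parse_manifest(manifest))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Two practical caveats. On a live host, a kernel rootkit or LKM of the kind chkrootkit looks for can hide files from, or feed altered contents to, the process doing the hashing, so hash from a trusted boot medium or from an image mounted read-only in the lab. And both MD5 and SHA-1 have practical collision attacks, so a baseline the attacker could have influenced is better built with `algorithm="sha256"`, which `hashlib.new` accepts unchanged.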
OnlineDFS - Online Digital Forensics Suite
OnlineDFS enables network-based, real-time investigations of live, running computer systems. It is ideal for rapid incident response, compliance management and e-discovery in enterprises, and for the needs of law enforcement. OnlineDFS enables the rapid, ...