Forensic Tools


pstools

The tools included in the PsTools suite, which are downloadable individually or as a package, are: PsExec - execute processes remotely, PsFile - shows files opened remotely, PsGetSid - display the SID of a computer or a user, PsKill - kill processes by na ...

Vendor: Sysinternals/Mark Russinovich
Pricing Model: Freeware
Modified: 2009-03-04

NetAnalysis

NetAnalysis will automatically rebuild HTML web pages from an extracted cache, automatically adding the correct location of the graphics allowing you to view the page as the suspect did. NetAnalysis also allows you to easily view JPEG and other pictures t ...

Vendor: Craig Wilson
Pricing Model: COMMERCIAL
Modified: 2003-04-06

chkrootkit

chkrootkit: shell script that checks system binaries for rootkit modification. 45 rootkits, worms and LKMs are currently detected. The following tests are made: aliens asp bindshell lkm rexedcs sniffer wted scalper slapper z2 amd basename biff chfn chsh ...

Vendor: Pangeia Informatica
Pricing Model: GPL
Modified: 2003-04-06

Rootkit ID project

The CyberAbuse Rootkit ID project consists of software and a database which allow a Unix user to detect rootkit files on his machine. The software compares the SHA1 checksums of the files on the Unix machine with the checksums present in our database. If the ...

Vendor: Philippe Bourcier
Pricing Model: GPL
Modified: 2003-04-06

Foremost

Foremost is a Linux program to recover files based on their headers and footers. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers are specified by a configuration file, ...

Vendor: Special Agent Jesse Kornblum
Pricing Model: GPL
Modified: 2003-04-06

md5deep

md5deep is a cross-platform program to compute MD5 message digests on an arbitrary number of files. The program is known to run on Windows, Linux, FreeBSD, OS X, Solaris, and should run on most other platforms. md5deep is similar to the md5sum program fou ...

Vendor: Special Agent Jesse Kornblum
Pricing Model: GPL
Modified: 2003-04-06

PMDump

PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process. This can be useful in a forensic investigation.

Vendor: Arne Vidstrom
Pricing Model: FREEWARE
Modified: 2003-04-06

Ontrack PowerControls

Ontrack® PowerControls™ has grown! We've increased the usability and functionality of PowerControls, making it even easier and quicker to use - saving Exchange and SharePoint® administrators even more time and money! For the successful management of y ...

Vendor: Kroll Ontrack Ltd
Pricing Model: Commercial
Modified: 2009-03-03

GNU Parted

GNU Parted is a program for creating, destroying, resizing, checking and copying partitions, and the file systems on them. This is useful for creating space for new operating systems, reorganising disk usage, copying data between hard disks and disk imagi ...

Vendor: Free Software Foundation, Inc
Pricing Model: GPL
Modified: 2003-04-06

mac-robber

mac-robber is a digital investigation tool that collects data from allocated files in a mounted file system. This is useful during incident response when analyzing a live system or when analyzing a dead system in a lab. The data can be used by the mactime ...

Vendor: Brian Carrier
Pricing Model: FREEWARE
Modified: 2006-06-07

WinHex

Features include: Disk editor for hard disks, floppy disks, CD-ROM & DVD, ZIP, Smart Media, Compact Flash memory cards, and more. FAT12, FAT16, FAT32, NTFS, CDFS. RAM editor, providing access to other processes' virtual memory. Data interpreter, knowin ...

Vendor: X-Ways AG
Pricing Model: Free Trial
Modified: 2003-04-06

IDA Pro Disassembler

Features include: IDA Pro is programmable through a built-in C like language. IDA offers an open Plugin Architecture. Our PE debugger is nothing more than a plugin! Multiple Processor : same interface and features for dozens of processors. 80x86 Windo ...

Vendor: DataRescue
Pricing Model: COMMERCIAL
Modified: 2003-04-06

OllyDbg

OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is a shareware, but you can download and use it for free. Special hig ...

Vendor: Oleh Yuschuk
Pricing Model: SHAREWARE
Modified: 2003-04-06

OnlineDFS - Online Digital Forensics Suite

OnlineDFS enables network-based, real-time investigations of live, running computer systems. It is ideal for rapid incident response, compliance management and e-discovery in enterprises, and for the needs of law enforcement. OnLineDFS enables the rapid, ...

Vendor: Cyber Security Technologies Corporation
Pricing Model: Commercial
Modified: 2007-09-10

LinkAlyzer

LinkAlyzer is a forensic tool that decodes and displays the content of multiple link files (Windows Shortcuts) at the same time. LinkAlyzer loads multiple (tested on 40,000+) link files into a grid and displays: • Internal dates (whe ...

Vendor: Sanderson Forensics Ltd.
Pricing Model: Commercial

NetSentry Live New!

NetSentry Live undetectably monitors network Internet traffic and captures, reconstructs, and stores original content in a searchable database. With its real-time alerts, NetSentry can provide the insight to identify both who and when suspicious or malici ...

Vendor: NetSentry
Pricing Model: Limited Free Trial
Modified: 2010-08-18

Cain & Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP con ...

Vendor: Massimiliano Montoro
Pricing Model: Freeware

RevEnge

RevEnge is a fully featured hex viewer designed with Reverse Engineering in mind, hence the name. It comes packed with features not seen in other hex viewers, such as its ability to perform on-the-fly decompression of ZLib compressed data, display and searc ...

Vendor: Sanderson Forensics Ltd.
Pricing Model: Commercial

PmExplorer

PmExplorer is a forensic software tool for the review and examination of PM files for Nokia mobile telephones. PM files can be obtained with third party hardware and software utilities such as SaraSoft and the SHU box. PmExplorer differs from current m ...

Vendor: Sanderson Forensics Ltd.
Pricing Model: Commercial

VidReport

VidReport is a tool for the processing and reporting of video files (AVIs, MOVs, etc.). VidReport can be used as a 'normal' video player to view the contents of the video, but in addition VidReport can parse the file and display just a selec ...

Vendor: Sanderson Forensics Ltd.
Pricing Model: Commercial

Copyright 2004 through 2010 Computer Network Defence, Ltd.
All rights reserved