Some Free and Open-Source DFIR Tools
This post is simply a reference list of free and open-source DFIR tools, collated in one place and grouped by discipline.
Disk Forensics:
- Autopsy (built on The Sleuth Kit, TSK)
- The Sleuth Kit
- Bulk Extractor
- Scalpel
- AFFLIB
Memory Forensics:
- Volatility
- Volatility plugins
- Magnet RAM Capture
- Memoryze
Mobile Device Forensics:
- Autopsy (built on The Sleuth Kit, TSK)
- AFLogical
- XRY (XAMN open)
Network Forensics:
- Wireshark
- Bro/Zeek
- NetworkMiner
- RouterSploit
Incident Response and Live Forensics:
- Autopsy (built on The Sleuth Kit, TSK)
- GRR Rapid Response
- OSSEC
- Memoryze
- IRIS
Log Analysis:
- Autopsy (built on The Sleuth Kit, TSK)
- Log2timeline
- Splunk
- ELK Stack (Elasticsearch, Logstash, Kibana)
Forensic Imaging:
- Autopsy (built on The Sleuth Kit, TSK)
- Guymager
Steganography Analysis:
- OpenStego
- StegHide
- OutGuess
Registry Analysis:
- RegRipper
- Regipy
Open-Source Intelligence (OSINT):
- OSINT Framework
File Integrity Verification and Hashing:
- Hashdeep
- ExifTool
Further research
The tools listed above, along with others discovered in the future, will be the subject of posts on this blog. For research purposes!