MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Graph Visualization for windows event logs

Digital forensic analysis tool that provides a user-friendly interface for investigating disk images.

All-sources tool to search websites by favicons

Fast and robust date extraction from web pages, with Python or on the command-line

Cross-platform registry browser for raw Windows registry files

FIT is a modular suite of Python applications for digital forensic acquisition of online contents such as web pages, emails, social media, and more. Each module can run independently or as part of the full FIT suite.

ExeSpy is a cross-platform PE viewer for EXE and DLL files

Linux BPF plugins for Volatility3

Automate ssh private key extraction from ssh-agent

Save your corrupted images easily.Easy to use forensic tool.

A forensic analysis framework for enumerating slack artifacts residing in the Operating system.

A forensic tool to automatically extract as many artifacts as possible from the WhatsApp desktop/web client

Cryptocurrency Discovery and Triage Tool - Identify multiple cryptocurrency addresses and transactions from various wallet applications!

YellowDotDecode is a graphical application that decodes the hidden information embedded in the yellow dots printed by some printers. These yellow dots, often invisible to the naked eye, contain metadata such as the date, time, and serial number of the printer, which can be used to trace the source of a printed document.

MFT and USN parser that allows direct extraction in filesystem timeline format (mactime), dump all resident files in the MFT in their original folder structure and run yara rules over them all.

/ˈhäjˌpäj/ "a confused mixture."

Analysis-oriented command line tool for remote execution and triage via EDRs API