🕵️‍♂️ Digital Forensics Tools

A curated list of essential digital forensics tools used for investigation, data recovery, and security analysis. These tools help in disk forensics, memory analysis, network monitoring, malware analysis, and more.

🛠 Disk Forensics Tools

🔍 Disk Imaging & Cloning

• Autopsy – GUI-based forensic tool for disk analysis.
• The Sleuth Kit (TSK) – Command-line toolkit for file system forensics.
• FTK Imager – Disk imaging and evidence collection.
• dd (Data Dump) – CLI tool for disk cloning and imaging.
• dcfldd – Enhanced version of dd for forensics.
• Guymager – Fast forensic imaging tool with a GUI.

🗂 File System & Partition Analysis

• TestDisk – Recover lost partitions and repair disk structures.
• PhotoRec – File recovery from storage media.
• X-Ways Forensics – Advanced disk and file system analysis tool.
• AccessData FTK (Forensic Toolkit) – Full forensic investigation suite.

🔎 Metadata & Hash Analysis

• ExifTool – Extract metadata from files.
• md5sum, sha256sum – Verify file integrity with hash values.
• Hashdeep – Compute and audit hashes for large datasets.

🧩 File Recovery & Carving

• Foremost – Recover deleted files based on headers, footers, and data structures.
• Scalpel – File carving tool for deleted file recovery.
• Recuva – User-friendly file recovery software.

🔥 Live Disk Analysis

• Mount Image Pro – Mount disk images for live forensic analysis.
• OSForensics – Windows-based live forensic analysis tool.
• CAINE (Computer Aided Investigative Environment) – Live Linux forensic distro with built-in tools.

🧠 Memory Forensics Tools

🔍 Memory Dumping Tools

• DumpIt – One-click RAM dumping tool for Windows.
• WinPmem – Windows memory acquisition tool.
• LiME – Extracts live memory from Linux systems.
• AVML – Memory acquisition for Linux & Azure VMs.
• OSForensics – RAM imaging and forensic analysis.

🔬 Memory Analysis Tools

• Volatility – Open-source framework for memory analysis.
• Volatility 3 – Python 3-based version with enhanced support.
• Rekall – Memory forensic framework from Google.
• MemProcFS – Mounts memory dumps as a virtual file system.
• Redline – Analyzes memory for malware infections.

🦠 Malware & Process Analysis

• Malfind – Detects malicious code injections.
• YARA – Signature-based malware detection in RAM.
• Strings – Extracts readable text from memory dumps.
• PE-sieve – Detects injected malicious code.
• HollowsHunter – Identifies process hollowing and malware injections.

📊 Memory Timeline & Log Analysis

• Log2Timeline (Plaso) – Creates forensic timelines from memory artifacts.
• Memtriage – Rapid triage tool for incident response.
• Efilter – Query and analyze memory artifacts efficiently.

🌐 Network Forensics Tools

🔎 Packet Sniffers & Traffic Analysis

• Wireshark – GUI-based packet analyzer for real-time network traffic analysis.
• tcpdump – Command-line packet sniffer for capturing network packets.
• TShark – CLI version of Wireshark for automated packet analysis.

🕵️ Intrusion Detection & Network Security Monitoring

• Zeek (Bro) – Network traffic analysis tool for security monitoring.
• Suricata – High-performance network IDS, IPS, and NSM tool.
• Snort – Open-source intrusion detection and prevention system (IDS/IPS).

🛠️ Log Analysis & Network Flow Monitoring

• Argus – Network flow analysis tool for session data monitoring.
• ELK Stack (Elasticsearch, Logstash, Kibana) – Log collection and visualization for network logs.
• Splunk – Advanced log analysis and SIEM for real-time network forensics.

🔓 Deep Packet Inspection & Protocol Analysis

• NetworkMiner – Passive network traffic analyzer for extracting forensic data.
• Xplico – Network forensic tool for reconstructing network sessions.
• NetFlow Analyzer – Monitors and analyzes network traffic using NetFlow data.

📡 Wireless Network Forensics

• Kismet – Wireless network sniffer and intrusion detection tool.
• Aircrack-ng – Wi-Fi network security assessment and packet capturing.
• WiFi Pineapple – Wireless network penetration testing and monitoring.

🖥️ Man-in-the-Middle (MitM) & Traffic Manipulation

• ettercap – MitM attack tool for sniffing and network manipulation.
• MITMf – Advanced framework for network traffic interception and manipulation.
• Bettercap – Swiss army knife for network forensics, pentesting, and MitM attacks.

🏴‍☠️ Darknet & Deep Web Analysis

• Tor – Anonymity network used for deep web forensics.
• ONIONScan – Deep web analysis and onion service scanning.

📱 Mobile Forensics Tools

🔍 Mobile Data Extraction & Analysis

• Cellebrite UFED – Industry-standard tool for extracting data from mobile devices.
• Magnet AXIOM – Mobile forensic analysis and recovery tool.
• Oxygen Forensic Suite – Mobile data extraction, call logs, and app analysis.
• XRY – Mobile forensics tool for data extraction and decoding.
• MOBILedit Forensic – Mobile device investigation with logical and physical extraction.
• Belkasoft Evidence Center – Extracts data from iOS, Android, and cloud services.

🔧 Android Forensics

• ADB (Android Debug Bridge) – Command-line tool for interacting with Android devices.
• Andriller – Android pattern lock cracker and data extraction.
• AFLogical – Open-source tool for logical data extraction from Android.
• Frida – Dynamic instrumentation tool for Android reverse engineering.
• Drozer – Security testing framework for Android apps.
• Apktool – Reverse engineer APK files.

🍏 iOS Forensics

• iLEAPP (iOS Logs, Events, And Properties Parser) – Extracts logs and artifacts from iOS devices.
• Checkm8 / Checkra1n – Jailbreaking tool for forensic extraction.
• Elcomsoft iOS Forensic Toolkit – Extracts data from iOS devices, even locked ones.
• iExplorer – Browse iOS file systems without jailbreaking.
• Cydia Impactor – Install apps and exploit sideloading vulnerabilities.

🌐 Cloud & Online Data Extraction

• Oxygen Forensic Cloud Extractor – Extracts mobile data from cloud accounts.
• Google Takeout – Download data from Google services (Gmail, Drive, etc.).
• iCloudExtractor – Extracts backups from iCloud.

📶 SIM & IMEI Forensics

• SIM Cloning Tool – Clone and analyze SIM card data.
• Oxygen SIM Detective – Extracts data from SIM cards.
• MOBILedit SIM Clone – Copies SIM data and recovers deleted messages.

🔍 Mobile App & Messaging Analysis

• WhatsApp Viewer – Extracts WhatsApp messages from databases.
• UFED Physical Analyzer – Analyzes mobile apps and messaging platforms.
• SQLite Forensic Browser – Investigates SQLite databases from apps like WhatsApp and Telegram.
• Paraben E3 – Extracts and analyzes messages from social media and chat apps.

🦠 Malware Forensics Tools

🔍 1. Static Analysis Tools

• IDA Pro – Advanced disassembler and decompiler.
• Ghidra – Open-source reverse engineering framework.
• Radare2 – Binary analysis and reversing tool.
• PEStudio – Analyzes Windows executables for malware indicators.
• Detect It Easy (DIE) – Detects compiler and packer information.

⚙️ 2. Dynamic Analysis Tools

• Cuckoo Sandbox – Automated malware sandbox.
• Any.Run – Interactive cloud-based malware analysis.
• Joe Sandbox – Advanced malware sandboxing.
• FakeNet-NG – Simulates network services to capture malware behavior.

💾 3. Memory Forensics Tools

• Volatility – Extracts artifacts from RAM dumps.
• Rekall – Memory forensics and incident response.
• RAM Capturer – Captures live RAM data.

🔗 4. Malware Behavior Analysis

• Process Hacker – Monitors and manipulates processes.
• ProcMon (Process Monitor) – Tracks system activity in real-time.
• Regshot – Compares registry snapshots.
• APIMonitor – Tracks API calls used by malware.

🛠 5. Code & String Analysis Tools

• YARA – Rule-based malware classification.
• Floss – Extracts obfuscated strings from malware.
• Binwalk – Extracts and analyzes firmware.

🌍 6. Online Malware Analysis Services

• VirusTotal – Multi-engine malware scanning.
• Hybrid Analysis – Free cloud-based malware sandbox.
• MalShare – Public malware sample repository.
• URLScan.io – Analyzes suspicious URLs for threats.

☁️ Cloud Forensics Tools

🔍 Cloud Logging & Monitoring

• AWS CloudTrail – Tracks API activity and security events in AWS.
• AWS GuardDuty – Threat detection for AWS accounts.
• Google Cloud Logging – Collects logs from Google Cloud services.
• Azure Monitor – Tracks Azure activity and performance.

🗂 Cloud Storage Forensics

• Google Takeout – Extracts data from Google accounts (Drive, Gmail, etc.).
• AWS S3 Access Logs – Monitors object access in AWS S3.
• Azure Storage Analytics – Logs Azure Storage activity.

💾 Cloud Instance & Virtual Machine Forensics

• Velociraptor – Endpoint forensics and cloud-based threat hunting.
• AWS EC2 Instance Metadata – Retrieves forensic metadata from AWS instances.
• Google Cloud Compute Disk Snapshots – Captures VM snapshots for investigation.
• Azure Disk Forensics – Forensic analysis of Azure virtual disks.

📡 Cloud Network Traffic Analysis

• Zeek (Bro) – Network monitoring tool for cloud environments.
• AWS VPC Flow Logs – Captures AWS network traffic.
• Google VPC Flow Logs – Logs network traffic in Google Cloud.
• Azure Network Watcher – Monitors traffic flow in Azure.

🔑 Cloud Identity & Access Forensics

• AWS IAM Access Analyzer – Analyzes permissions and access control.
• Google Cloud IAM Policy Analyzer – Checks permissions and access logs.
• Azure Active Directory Audit Logs – Tracks identity-related activities.

⚠️ Cloud Incident Response

• GRR Rapid Response – Live forensics for cloud instances.
• AWS Security Hub – Centralized security alerts for AWS.
• Google Chronicle – Threat intelligence for Google Cloud.
• Azure Sentinel – Cloud-native SIEM for security monitoring.

📧 Email Forensics Tools

🔍 Email Header Analysis

• MHA (Message Header Analyzer) – Online tool to analyze email headers and detect phishing.
• MXToolbox – Extract sender IP, SPF, DKIM, and DMARC records.
• Wireshark – Packet capture tool for SMTP, IMAP, and POP3 analysis.

📨 Email Metadata Extraction

• EmailTracer – Python tool to extract and analyze email headers.
• ExifTool – Extract metadata from email files (.eml, .msg).
• Xplico – Extract emails from network traffic captures.

📜 Log & Email File Analysis

• Log2Timeline (Plaso) – Create timelines from email and system logs.
• MailXaminer – Advanced email forensic investigation tool.
• Forensic Email Collector – Extract and analyze cloud-based emails.

🔑 Phishing & Malicious Email Investigation

• PhishTool – Identify phishing attempts from email headers.
• VirusTotal – Scan email attachments and URLs for malware.
• YARA – Detect patterns in malicious emails and attachments.

🛠️ Email Data Recovery & Conversion

• Mail Viewer – View and extract data from .eml and .msg files.
• Aid4Mail – Convert, search, and analyze email data.
• Kernel Email Recovery – Recover deleted or corrupted email data.

🌟 Let's Connect!

Hello, Hacker! 👋 We'd love to stay connected with you. Reach out to us on any of these platforms and let's build something amazing together:

🌐 Website: https://yogsec.github.io/yogsec/
📜 Linktree: https://linktr.ee/yogsec
🔗 GitHub: https://github.com/yogsec
💼 LinkedIn (Company): https://www.linkedin.com/company/yogsec/
📷 Instagram: https://www.instagram.com/yogsec.io/
🐦 Twitter (X): https://x.com/yogsec
👨‍💼 Personal LinkedIn: https://www.linkedin.com/in/cybersecurity-pentester/
📧 Email: [email protected]

☕ Buy Me a Coffee

☕ Support Us Here: https://buymeacoffee.com/yogsec