Digital Forensics Security Tools

MacFIRE – (Mac Forensic Investigation & Response Engine)

Digital Forensics Investigation Platform

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

AVML - Acquire Volatile Memory for Linux

TAPIR is a multi-user, client/server, incident response framework

Tool to find metadata and hidden information in the documents.

steganography program that hides data in various kinds of image and audio files

A toolkit for the post-mortem examination of Docker containers from forensic HDD copies

FUSE driver for APFS (Apple File System)

An advanced memory forensics framework

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Github mirror of official Kismet repository

A tool for forensic file system reconstruction.

Forensics tool for NTFS (parser, mft, bitlocker, deleted files)

acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.

A better strings utility!

Forensic disk imager, designed to run on a Raspberry Pi, powered by libewf

GRR Rapid Response: remote live forensics for incident response