Tools

629 results - showing 41 - 60
Belkasoft N

Tools

License Type
Commercial - Paid
Developer
Belkasoft

Belkasoft Incident Investigations (Belkasoft N) is a tool for digital incident investigations, developed specifically for businesses and aimed at investigating hacking attempts on Windows-based computers.

By analyzing numerous sources, Belkasoft N can find traces typical of the various tricks hackers use to penetrate a company's infrastructure.

Belkasoft Triage

Tools

License Type
Commercial - Paid
Developer
Belkasoft

Belkasoft Triage is a digital forensic and incident response tool developed specifically for quick analysis of a live computer and for making a partial image of important data.

Detect 1500+ artifact types and profiles and select only those artifacts which are needed to proceed with your investigation.


Tools

License Type
Commercial - Paid
Developer
Belkasoft

Accelerate your digital forensic and incident response investigations with Belkasoft Evidence Center X, an all-in-one product for mobile, computer memory, and cloud forensic examinations.

Belkasoft X works out of the box and can be easily integrated into customer workflows. The software interface is so user-friendly that you can start working with your cases right after the Belkasoft X deployment.

Tools

License Type
Commercial - Paid
Developer
Cyacomb

For forensic analysts to build Contraband Filters™ from their own data sets of images and videos. Offers the ability to add newly discovered files and to merge Contraband Filters™.

Tools

License Type
Commercial - Paid
Developer
Cyacomb

Cyacomb Offender Manager and Cyacomb Responder empower frontline investigators to rapidly triage digital devices in minutes.

Cyacomb Offender Manager and Cyacomb Responder were designed by frontline investigators for frontline investigators. Easy to use, with no deep digital forensic knowledge required, users just plug in these tools and scan.

Tools

License Type
Commercial - Paid
Developer
Cyacomb

Like Cyacomb Forensics’ other digital triage tools, Cyacomb Mobile Triage scans mobile devices for known illegal content fast. Results can be reviewed on screen, with simple and clear red and green results displayed.

Cyacomb Mobile Triage operates from DATAPILOT 10 devices, purpose-built handheld computers that are rugged and portable. The combined tools help law enforcement offices to make informed decisions on scene.

Tools

License Type
Commercial - Paid
Developer
Cyacomb

Cyacomb Examiner is for investigators who want results fast. Our cutting-edge block-level hashing technology replaces slow MD5 scans, detecting indecent images of children or terrorist material in minutes.

Our flagship forensic tool, Cyacomb Examiner is intended for skilled digital forensic analysts who want maximum control, maximum flexibility and detailed results – FAST.

Tools

License Type
Free
Developer
Harlan Carvey

Events-Ripper is based on the 5-field, pipe-delimited TLN "intermediate" events file format. This file is intermediate, as it is the culmination or collection of normalized events from different data sources (i.e., Registry, WEVTX, MFT, etc.) that are then parsed into a deduped timeline.

The current iteration of Events-Ripper includes plugins that are written specifically for Windows Event Log (*.evtx) events.

This tool is intended to address a very specific problem set, one that leverages a limited data set to develop as much insight and situational awareness as possible from that data set.

Tools

License Type
Free

The DFIR4vSphere PowerShell module collects logs and forensics artefacts on both ESXi hosts and the vCenter console.

The module has two main functions:

  • Start-VC_Investigation: This function collects all vSphere API calls registered on the vCenter; these logs are called VI events. You can also collect only events considered of interest. The function also generates ESXi inventory, vCenter permissions and users reports. Optionally, a support bundle for the vCenter appliance can be generated.
  • Start-ESXi_Investigation: Collects forensics data on one or more ESXi hosts. Optionally, a support bundle for each targeted hypervisor can be generated.

DFIR4vSphere was first presented at CoRI&IN 2022 (Conférence sur la réponse aux incidents et l’investigation numérique). Slides of the presentation, in French, are available here.

Tools

License Type
Commercial - Paid
Developer
Metaspike

Experts’ choice for investigating email fraud, business email compromise (BEC), malware delivery, and CAN-SPAM Act violations.

Tools

License Type
Commercial - Paid
Developer
Metaspike

Expertly preserve email evidence without breaking a sweat. Get plug & play output for digital forensic investigations and eDiscovery.

Tools

License Type
Free
Developer
Dan Mares (Maresware)

Performs an "intelligent" file COPY operation and is an excellent forensics and eDiscovery file copy tool.

Tools

License Type
Free
Developer
Dan Mares (Maresware)

Finds duplicate records in the output of Hash.

Tools

License Type
Free
Developer
Dan Mares (Maresware)

Hashcmp can be used to compare the contents, line by line, of two files with similar records. When it finds records in one file that do not have a match in the other file, the program displays the mismatch on the screen. It is designed to display the differences in output files produced by the Maresware Hash program.

Tools

License Type
Free
Developer
Dan Mares (Maresware)

HK_Hash is a smaller version of Hash that is specially designed to calculate the 128-bit MD5 hash of one or more files and create comma-delimited output that is compatible with the HashKeeper requirements for a file that is to be loaded/imported into the HashKeeper database.

Tools

License Type
Free
Developer
Dan Mares (Maresware)

Hash is designed to calculate a 32-bit CRC, 128-bit MD5 hash, 160-bit Secure Hash Algorithm (SHA1), or the SHA2 (256, 384 or 512 bit) of a file.

Tools

License Type
Free

Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system logs from memory dumps of Linux systems. This enables you to analyse systems without needing to generate a profile.

This is not a replacement for tools such as Rekall and Volatility which use a profile to perform a more structured analysis of memory.

Rip Raw works by taking a raw binary, such as a memory dump, and carving files and logs using:

  • Text/binary boundaries

  • File headers and file magic

  • Log entries

Tools

License Type
Free
Developer
Foxton Forensics

Free tool for inspecting the contents of SQLite databases.

Tools

License Type
Free
Developer
Foxton Forensics

Browser History Viewer (BHV) is a forensic software tool for extracting and viewing internet history from the main desktop web browsers.

Tools

License Type
Free
Developer
Foxton Forensics

Browser History Capturer allows you to easily capture web browser history from a Windows computer. The tool can be run from a USB dongle or via a Remote Desktop connection to capture history from Chrome, Edge, Firefox and Internet Explorer web browsers.
