| Name |
Source |
Description |
| Disk Tools |
| dcfldd |
SourceForge |
dcfldd is an enhanced version of GNU dd with features useful for forensics/security. |
| ImDisk |
www.ltr-data.se |
Windows virtual disk driver |
| FTK Imager |
AccessData |
Imaging tool and viewer |
| Email Analysis |
| Mail Viewer |
MiTeC |
Viewer for Outlook Express, Windows Mail/Windows Live Mail, Mozilla Thunderbird message databases, and single messages (EML files) |
| File and Data Analysis |
| DCode |
Digital Detective |
Date conversion/calculator utility |
| Shadow Explorer |
ShadowExplorer.com |
Volume Shadow Copy browser |
| Windows File Analyzer |
MiTeC |
Analyzes Thumbs.db, prefetch, shortcusts, index.DAT, and the Recycle Bin |
| JSUNPACK |
jsunpack.jeek.org |
A generic JavaScript Unpacker designed for security researchers and computer professionals. |
| General |
| HxD |
mh-nexus |
Freeware Hex Editor/Disk Editor |
| Notepad++ |
Don HO |
Advanced text editor |
| DSi USB Write-Blocker |
Document SOlutions, Inc |
Software USB write blocker |
| Internet History Analysis |
| ChromeAnalysis |
forensic-software.co.uk |
Analysis of Google Chrome usage data |
| Internet Evidence Finder |
JADsoftware |
Searches drives/images for Internet usage related artifacts (gmail, facebook, IE8 InPrivate/Recovery URLs, etc) |
| FoxAnalysis |
forensic-software.co.uk |
Analysis of Mozilla Firefox 3 usage data |
| Web Historian |
Mandiant |
Analysis of Internet Explorer, Firefox, and Google Chrome usage data |
| Network Analysis |
| Wireshark |
Wireshark |
Network Protocol Analyzer (capture/analysis) |
| Registry Analysis |
| RegRipper |
Harlan Carvey |
Extraction and analysis of “interesting” information found within the Windows registry |
| USBDeview |
NirSoft |
Lists all USB devices that were connected and/or used on a computer |