Most Important Computer Forensics Tools for Hackers and Security Professionals

Likewise, you can discover Computer Forensics & & Cyber Crime Investigation online Course from one of the finest Cybersecurity Elearning platforms.

Computer Forensics tools are more frequently used by security industries to test the vulnerabilities in network and applications by collecting the evidence to find a sign of compromise and take suitable mitigation Steps.

Here you can find the Comprehensive Computer Forensics tools list that covers Performing Forensics analysis and react to the incidents in all the Environment.

Collections of Computer Forensics Tools




dff — Forensic structure

IntelMQ — IntelMQ processes and collects security feeds

Laika BOSS — Laika is an object scanner and invasion detection system

PowerForensics — PowerForensics is a framework for live disk forensic analysis

The Sleuth Kit — Tools for low level forensic analysis

turbinia — Turbinia is an open-source framework for releasing, handling, and running forensic work on cloud platforms

Live forensics

grr — GRR Rapid Response: remote live forensics for event action


Rekall– Memory analysis structure, forked from Volatility in 2013.

chrome-url-dumper — Dump all regional kept infromation gathered by Chrome.

bstrings — Improved strings utility.


BlackLight– Windows/MacOS Computer Forensics tools client supporting hiberfil, pagefile, raw memory analysis.

timesketch — Collaborative forensic timeline analysis.

volatility — The memory forensic framework.

Timeline Analysis.

SiLK Tools — SiLK is a suite of network traffic collection and Computer Forensics tools analysis tools.

photorec — File carving tool.

Rekall — Memory Forensic Framework.

more at Recommended Readings by Andrew Case.

NetLytics — Analytics platform to process network data on Spark.

Learn forensics.



Muninn– A script to automate parts of analysis utilizing Volatility, and develop a legible report.

TotalRecall– Script based upon Volatility for automating various malware analysis tasks.

libewf — Libewf is a library and some tools to access the Expert Witness Compression Format (EWF, E01).

plaso — Extract timestamps from different files and aggregate them.

imagemounter — Command line energy and Python plan to ease the (un) mounting of forensic disk images.

evolve– Web interface for the Volatility Memory Forensics Framework.


OS X Forensics.

Disk image handling.

DFTimewolf — Framework for managing Computer Forensics tools collection, processing and information export utilizing GRR and Rekall.

more at Malware Analysis List.

Web Artifacts.

Wireshark — The network traffic analysis tool.

aff4 — AFF4 is an alternative, quick file format.

Guymager — Open source variation for disk imageing on linux systems.

VolUtility– Web Interface for Volatility Memory Analysis structure.

Windows Artifacts.

You can follow us on Linkedin, Twitter, Facebook for day-to-day Cybersecurity updates likewise you can take the Best Cybersecurity courses online to keep your self-updated.


floss — Static analysis tool to instantly deobfuscate strings from malware binaries.

Volatility– Advanced memory forensics structure.


hindsight — Internet history forensics for Google Chrome/Chromium.

DAMM– Differential Analysis of Malware in Memory, built on Volatility. — High speed memory analysis framework developed in.NET supports all Windows x64, consists of code stability and write assistance.

KeeFarce — Extract KeePass passwords from memory.

Memory Forensics.

VolDiff– Run Volatility on memory images prior to and after malware execution, and report modifications.

WinDbg– Live memory inspection and kernel debugging for Windows systems.

FTK Imager — Free imageing tool for windows.

VolUtility — Web App for Volatility framework.

Network Forensics.

WDBGARK– WinDBG Anti-RootKit Extension.

xmount — Convert in between different disk image formats.– High speed memory analysis structure developed in.NET supports all Windows x64, includes code integrity and write assistance.

File System Corpora.


bulk_extractor — Extracts informations like email adresses, creditscard numbers and histrograms of disk images.

FindAES– Find AES file encryption secrets in memory.