
🕵️ Digital Forensics Toolkit

Don’t ask me how I got this list … 😶

If you have any tips for what the list should include, please use the contact page to get in touch with me.

Software and tools

The Cyber Swiss Army Knife

  • CyberChef - A must-have web application developed by the British GCHQ for encryption, encoding, compression and data analysis tasks.
Hex editors

  • XXD - Linux tool for making hexdumps
  • HexEdit - CLI hex editor for Linux
  • Bless - GUI hex editor for Linux
  • HxD - GUI hex editor for Windows
  • Hex Fiend - GUI hex editor for macOS
PE analysis

Disassemblers

  • IDA - Interactive Disassembler for various executable file formats and architectures
  • Ghidra - Reverse engineering tool developed by the US National Security Agency (NSA)
Dynamic Analysis

  • x64 Debugger - Windows tool for debugging binaries
  • Fakenet - Tool developed by FireEye for simulating generic internet services in a lab environment
  • INetSim - Tool for simulating generic internet services in a lab environment
Network analysis

  • Wireshark - Tool for analyzing network protocols
  • NetworkMiner - Passive sniffer and packet capturing tool, also suitable for exploring network traffic
  • Moloch - Tool for capturing, indexing and searching network traffic
  • Brim - Desktop application for indexing and searching network traffic
  • Snort - Open-source Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
  • Suricata - Open-source Intrusion Detection System (IDS), Intrusion Prevention System (IPS) and Network Security Monitor (NSM)
  • Zeek - Open-source Network Security Monitor (NSM)
Data analysis and visualization

  • Kibana - Tool for exploring and visualizing Elasticsearch data
  • Elasticsearch - Open-source distributed search engine for various types of data
Operating Systems

  • SIFT - Linux distribution bundling various Digital Forensics and Incident Response tools, developed by SANS
  • REMnux - Linux distribution providing various malware analysis tools
  • Kali - Linux distribution providing various Penetration Testing and Ethical Hacking tools
  • FLARE VM - Windows-based distribution providing various malware analysis tools
Analyze mobile apps

  • JD-GUI - Open-source Java disassembler for rebuilding “.class” files
  • APKTool - Tool for reverse engineering APK files
  • Dex2Jar - Open-source tool to turn Android .dex files into .jar files
Memory Forensics

  • Volatility - Open-source memory forensics toolkit
  • Rekall - Open-source memory forensics framework, includes additional functions for Forensics and Incident Response
Forensics

  • The Sleuth Kit - A collection of CLI tools for forensics on disk images
  • FTK Imager - A data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis with a forensic tool
Virtualization

  • VMware Player - Virtualization software for Linux, Windows and macOS
  • VirtualBox - Virtualization software for Linux, Windows and macOS
Password cracking

  • THC-Hydra - Popular password brute-forcing tool that supports a large number of network protocols
  • John the Ripper - Open-source password security auditing and password recovery tool
  • Hashcat - Password cracking tool that supports a large number of hash types
Reading material

Reverse engineering information

Reverse engineering tutorials

Cheat sheets (general)