Tools & Resources
Windows Forensics
Network Analysis Tools
Registry Analysis Tools
- RegRipper
- ShellBags Explorer
- AmcacheParser
- AppCompatCacheParser
- JLECmd
- RecentFileCacheParser
- Computer Account Forensic Artifact Extractor (cafae)
- Yet Another Registry Utility (yaru)
RDP Cache Analysis Tools
Recycle Bin Analysis Tools
“$” Files Analysis Tools
- MFTExplorer ($MFT)
- MFTECmd ($MFT, $Boot, $J, $SDS, and $LogFile (coming soon) parser)
- UsnJrnl2Csv ($UsnJrnl)
- INDXParse ($I30)
Logs Analysis Tools
- Log Parser (Windows Event Logs)
- Evtx Explorer/EvtxECmd
- Apache Scalp
Processes and Memory Analysis Tools
Disk and File Analysis Tools
Browsers Analysis Tools
- DB Browser for SQLite (Open “.sqlite” files)
- Nirsoft Web Browsers Tools (Contains a multitude of tools to open cache files, cookies and history data)
- BrowsingHistoryView
- ESEDatabaseView
- Session History Scrounger for Firefox (Opens “.jsonlz4” files)
- Sysinternals Strings
- OS Forensics
- Magnet IEF (Internet Evidence Finder)
- Browser History Viewer
- Browser History Examiner (Free Trial)
- Hindsight
- libesedb (Library to access the Extensible Storage Engine (ESE) Database File (EDB) format)
- Web Browser Addons View (Use to view installed extensions and addons)
- The LaZagne Project
- firepwd.py (open source tool to decrypt Mozilla protected passwords)
- Firefox Search Engine Extractor (Open ‘search.json.mozlz4’ files)
- Firefox Bookmark Backup Reader/Decompressor (Open ‘.jsonlz4’ files)
Frameworks, Toolkits and VMs
- SANS SIFT Workstation
- ANSSI DFIR-ORC
- Redline
- OSForensics
- Kali Linux
- Forensic Toolkit FTK
- The Sleuth Kit
- EnCase
- C.A.I.N.E (Computer Aided INvestigative Environment)
Other
This post is licensed under CC BY 4.0 by the author.