Acquisition and Analysis

Tools used for the acquisition and bulk processing / analysis of evidence items

Active Disk Editor

Website: https://www.disk-editor.org Description: File / Disk Editor and Template Manager Author: LSoft Technologies License: https://www.lsoft.net/terms/ Version: 23.0.1 Notes:

Arsenal Image Mounter

Website: https://arsenalrecon.com Description: Forensic Image Mounter Author: Arsenal Recon License: https://github.com/ArsenalRecon/Arsenal-Image-Mounter/blob/master/LICENSE.md Version: 3.10.262 Notes:

Autopsy

Website: https://www.sleuthkit.org Description: GUI based application for image analysis Author: Brian Carrier / Basis Technology License: Apache 2.0 (https://github.com/sleuthkit/autopsy/blob/master/README.txt) Version: 4.21.0 Notes:

Elcomsoft Forensic Disk Decryptor

Website: https://www.elcomsoft.com/ Description: Tool for decrypting disks or extracting encryption keys from memory Author: Elcomsoft License: EULA (https://www.elcomsoft.com/legal.html) Version: 2.20.1011.6893 Notes: Available, but not installed by default

FEX Imager

Website: https://getdataforensics.com Description: Physical and Logical Imaging Tool Author: GetData Forensics License: Free Version: 2.2.1.283 Notes:

FEX Memory Imager

Website: https://getdataforensics.com Description: Memory Acquisition Tool Author: GetData Forensics License: Free Version: 1.10 Notes:

fit - Freezing Internet Tool

Website: https://github.com/fit-project/fit Description: Tool to forensically acquire web-based content like emails, social media, etc. Author: https://github.com/orgs/fit-project/people License: GNU General Public License v3 (https://github.com/fit-project/fit/blob/main/LICENSE) Version: 1.2.0 Notes: Requires npcap

FTK Imager

Website: https://www.exterro.com Description: Forensic Image Acquisition and Triage tool Author: Exterro Inc / AccessData License: EULA Version: 4.7.1.2 Notes:

Magnet Acquire

Website: https://www.magnetforensics.com Description: Evidence Acquisition tool Author: Jad Saliba - Magnet Forensics License: EULA Version: 2.68.0.36478 Notes:

Magnet AXIOM

Website: https://www.magnetforensics.com Description: Evidence Acquisition and Analysis toolset Author: Jad Saliba - Magnet Forensics License: EULA Version: 6.11.0.34807 Notes:

Magnet Chromebook Acquisition

Website: https://www.magnetforensics.com Description: Evidence Acquisition for Chromebook Author: Jad Saliba - Magnet Forensics License: EULA Version: 1.06 Notes:

Magnet DumpIt

Website: https://www.magnetforensics.com Description: Windows Memory Dump tools from Comae / Magnet Author: Magnet Forensics License: EULA Version: 20230117 Notes:

Magnet RAM Capture (MRC)

Website: https://magnetforensics.com Description: Windows memory capture utility Author: Magnet Forensics License: EULA Version: 1.2.0 Notes:

Magnet RESPONSE

Website: https://magnetforensics.com Description: Tool to collect data relevant to incident response investigations Author: Magnet Forensics License: EULA Version: 1.70 Notes:

OSFMount

Website: https://www.osforensics.com/tools/mount-disk-images.html Description: Drive / Disk / Image mounting tool Category: Acquisition and Analysis Author: PassMark License: Free (EULA, contained in software) Version: 3.1 Notes:

Pilfer

Website: https://github.com/digitalsleuth/forensics_tools Description: Rapid triage tool using Windows in-built binaries Author: Corey Forman (digitalsleuth) License: GNU General Public License v3 (https://github.com/digitalsleuth/forensics_tools/blob/master/LICENSE) Version: 3.1 Notes:

plaso (super timeline all the things)

Website: https://plaso.readthedocs.io/en/latest/ Description: Python 3 tool to generate a timeline of all artifacts Author: https://github.com/log2timeline/plaso/blob/main/AUTHORS License: Apache License v2 (https://github.com/log2timeline/plaso/blob/main/LICENSE) Version: 20230717 Notes: log2timeline.py, psort.py, psteal.py

Tableau Imager

Website: https://opentext.com Description: Disk / Device Imager Author: OpenText License: EULA Version: 20.3.3 Notes:

winpmem

Website: https://github.com/velocidex/WinPmem Description: Memory Acquisition Tool Author: Mike Cohen (scudette) License: Apache License v2 (https://github.com/Velocidex/WinPmem/blob/master/LICENSE) Version: 4.0.rc2 Notes:

X-Ways Forensics

Website: https://x-ways.net Description: Forensic Analysis Software Author: Stefan Fleischmann License: License Dependent - https://www.x-ways.net/terminology.html Version: 20.9 SR-3 x64 Notes:

X-Ways Forensics Templates

Website: https://github.com/digitalsleuth/xways-templates Description: Templates for X-Ways Templates Author: Community Driven (multiple authors) License: Version: 0.0.2 Notes:

PreviousUsing the InstallerNextDatabases

Last updated