# Acquisition and Analysis

### Active Disk Editor

Website: <https://www.disk-editor.org>\
Description: File / Disk Editor and Template Manager\
Author: LSoft Technologies\
License: <https://www.lsoft.net/terms/>\
Version: 23.0.1\
Notes:

### Arsenal Image Mounter

Website: <https://arsenalrecon.com>\
Description: Forensic Image Mounter\
Author: Arsenal Recon\
License: <https://github.com/ArsenalRecon/Arsenal-Image-Mounter/blob/master/LICENSE.md>\
Version: 3.10.262\
Notes:

### Autopsy

Website: <https://www.sleuthkit.org>\
Description: GUI based application for image analysis\
Author: Brian Carrier / Basis Technology\
License: Apache 2.0 (<https://github.com/sleuthkit/autopsy/blob/master/README.txt>)\
Version: 4.21.0\
Notes:

### Elcomsoft Forensic Disk Decryptor

Website: <https://www.elcomsoft.com/>\
Description: Tool for decrypting disks or extracting encryption keys from memory\
Author: Elcomsoft\
License: EULA (<https://www.elcomsoft.com/legal.html>)\
Version: 2.20.1011.6893\
Notes: Available, but not installed by default

### FEX Imager

Website: <https://getdataforensics.com>\
Description: Physical and Logical Imaging Tool\
Author: GetData Forensics\
License: Free\
Version: 2.2.1.283\
Notes:

### FEX Memory Imager

Website: <https://getdataforensics.com>\
Description: Memory Acquisition Tool\
Author: GetData Forensics\
License: Free\
Version: 1.10\
Notes:

### fit - Freezing Internet Tool

Website: <https://github.com/fit-project/fit>\
Description: Tool to forensically acquire web-based content like emails, social media, etc.\
Author: <https://github.com/orgs/fit-project/people>\
License: GNU General Public License v3 (<https://github.com/fit-project/fit/blob/main/LICENSE>)\
Version: 1.2.0\
Notes: Requires npcap

### FTK Imager

Website: <https://www.exterro.com>\
Description: Forensic Image Acquisition and Triage tool\
Author: Exterro Inc / AccessData\
License: EULA\
Version: 4.7.1.2\
Notes:

### Magnet Acquire

Website: <https://www.magnetforensics.com>\
Description: Evidence Acquisition tool\
Author: Jad Saliba - Magnet Forensics\
License: EULA\
Version: 2.68.0.36478\
Notes:

### Magnet AXIOM

Website: <https://www.magnetforensics.com>\
Description: Evidence Acquisition and Analysis toolset\
Author: Jad Saliba - Magnet Forensics\
License: EULA\
Version: 6.11.0.34807\
Notes:

### Magnet Chromebook Acquisition

Website: <https://www.magnetforensics.com>\
Description: Evidence Acquisition for Chromebook\
Author: Jad Saliba - Magnet Forensics\
License: EULA\
Version: 1.06\
Notes:

### Magnet DumpIt

Website: <https://www.magnetforensics.com>\
Description: Windows Memory Dump tools from Comae / Magnet\
Author: Magnet Forensics\
License: EULA\
Version: 20230117\
Notes:

### Magnet RAM Capture (MRC)

Website: <https://magnetforensics.com>\
Description: Windows memory capture utility\
Author: Magnet Forensics\
License: EULA\
Version: 1.2.0\
Notes:

### Magnet RESPONSE

Website: <https://magnetforensics.com>\
Description: Tool to collect data relevant to incident response investigations\
Author: Magnet Forensics\
License: EULA\
Version: 1.70\
Notes:

### OSFMount

Website: <https://www.osforensics.com/tools/mount-disk-images.html>\
Description: Drive / Disk / Image mounting tool\
Category: Acquisition and Analysis\
Author: PassMark\
License: Free (EULA, contained in software)\
Version: 3.1\
Notes:

### Pilfer

Website: <https://github.com/digitalsleuth/forensics_tools>\
Description: Rapid triage tool using Windows in-built binaries\
Author: Corey Forman (digitalsleuth)\
License: GNU General Public License v3 (<https://github.com/digitalsleuth/forensics_tools/blob/master/LICENSE>)\
Version: 3.1\
Notes:

### plaso (super timeline all the things)

Website: <https://plaso.readthedocs.io/en/latest/>\
Description: Python 3 tool to generate a timeline of all artifacts\
Author: <https://github.com/log2timeline/plaso/blob/main/AUTHORS>\
License: Apache License v2 (<https://github.com/log2timeline/plaso/blob/main/LICENSE>)\
Version: 20230717\
Notes: log2timeline.py, psort.py, psteal.py

### Tableau Imager

Website: <https://opentext.com>\
Description: Disk / Device Imager\
Author: OpenText\
License: EULA\
Version: 20.3.3\
Notes:

### winpmem

Website: <https://github.com/velocidex/WinPmem>\
Description: Memory Acquisition Tool\
Author: Mike Cohen (scudette)\
License: Apache License v2 (<https://github.com/Velocidex/WinPmem/blob/master/LICENSE>)\
Version: 4.0.rc2\
Notes:

### X-Ways Forensics

Website: <https://x-ways.net>\
Description: Forensic Analysis Software\
Author: Stefan Fleischmann\
License: License Dependent - <https://www.x-ways.net/terminology.html>\
Version: 20.9 SR-3 x64\
Notes:

### X-Ways Forensics Templates

Website: <https://github.com/digitalsleuth/xways-templates>\
Description: Templates for X-Ways Forensics\
Author: Community Driven (multiple authors)\
License:\
Version: 0.0.2\
Notes:


