> For the complete documentation index, see [llms.txt](https://digitalsleuth.gitbook.io/win-for-documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://digitalsleuth.gitbook.io/win-for-documentation/the-tools/acquisition-and-analysis.md). # Acquisition and Analysis ### Active Disk Editor Website: Description: File / Disk Editor and Template Manager\ Author: LSoft Technologies\ License: Version: 23.0.1\ Notes: ### Arsenal Image Mounter Website: Description: Forensic Image Mounter\ Author: Arsenal Recon\ License: Version: 3.10.262\ Notes: ### Autopsy Website: Description: GUI based application for image analysis\ Author: Brian Carrier / Basis Technology\ License: Apache 2.0 ( Version: 4.21.0\ Notes: ### Elcomsoft Forensic Disk Decryptor Website: Description: Tool for decrypting disks or extracting encryption keys from memory\ Author: Elcomsoft\ License: EULA ( Version: 2.20.1011.6893\ Notes: Available, but not installed by default ### FEX Imager Website: Description: Physical and Logical Imaging Tool\ Author: GetData Forensics\ License: Free\ Version: 2.2.1.283\ Notes: ### FEX Memory Imager Website: Description: Memory Acquisition Tool\ Author: GetData Forensics\ License: Free\ Version: 1.10\ Notes: ### fit - Freezing Internet Tool Website: Description: Tool to forensically acquire web-based content like emails, social media, etc.\ Author: License: GNU General Public License v3 ( Version: 1.2.0\ Notes: Requires npcap ### FTK Imager Website: Description: Forensic Image Acquisition and Triage tool\ Author: Exterro Inc / AccessData\ License: EULA\ Version: 4.7.1.2\ Notes: ### Magnet Acquire Website: Description: Evidence Acquisition tool\ Author: Jad Saliba - Magnet Forensics\ License: EULA\ Version: 2.68.0.36478\ Notes: ### Magnet AXIOM Website: Description: Evidence Acquisition and Analysis toolset\ Author: Jad Saliba - Magnet Forensics\ License: EULA\ Version: 6.11.0.34807\ Notes: ### Magnet Chromebook Acquisition Website: Description: Evidence Acquisition for Chromebook\ Author: Jad Saliba - Magnet Forensics\ License: EULA\ Version: 1.06\ Notes: ### Magnet DumpIt Website: Description: Windows Memory Dump tools from Comae / Magnet\ Author: Magnet Forensics\ License: EULA\ Version: 20230117\ Notes: ### Magnet RAM Capture (MRC) Website: Description: Windows memory capture utility\ Author: Magnet Forensics\ License: EULA\ Version: 1.2.0\ Notes: ### Magnet RESPONSE Website: Description: Tool to collect data relevant to incident response investigations\ Author: Magnet Forensics\ License: EULA\ Version: 1.70\ Notes: ### OSFMount Website: Description: Drive / Disk / Image mounting tool\ Category: Acquisition and Analysis\ Author: PassMark\ License: Free (EULA, contained in software)\ Version: 3.1\ Notes: ### Pilfer Website: Description: Rapid triage tool using Windows in-built binaries\ Author: Corey Forman (digitalsleuth)\ License: GNU General Public License v3 ( Version: 3.1\ Notes: ### plaso (super timeline all the things) Website: Description: Python 3 tool to generate a timeline of all artifacts\ Author: License: Apache License v2 ( Version: 20230717\ Notes: log2timeline.py, psort.py, psteal.py ### Tableau Imager Website: Description: Disk / Device Imager\ Author: OpenText\ License: EULA\ Version: 20.3.3\ Notes: ### winpmem Website: Description: Memory Acquisition Tool\ Author: Mike Cohen (scudette)\ License: Apache License v2 ( Version: 4.0.rc2\ Notes: ### X-Ways Forensics Website: Description: Forensic Analysis Software\ Author: Stefan Fleischmann\ License: License Dependent - Version: 20.9 SR-3 x64\ Notes: ### X-Ways Forensics Templates Website: Description: Templates for X-Ways Templates\ Author: Community Driven (multiple authors)\ License:\ Version: 0.0.2\ Notes: --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://digitalsleuth.gitbook.io/win-for-documentation/the-tools/acquisition-and-analysis.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.