Raw Parsers / Decoders

Basic tools for byte-level analysis of data blobs

Bulk Extractor

Website: https://digitalcorpora.org/downloads/bulk_extractor & https://github.com/simsong/bulk_extractor Description: Tool for extracting artifacts from random data Author: Simson L. Garfinkel License: MIT License (https://github.com/simsong/bulk_extractor/blob/main/LICENSE.md) Version: 1.5.5 Notes:

Cyberchef

Website: https://github.com/gchq/cyberchef Description: Web app for encryption, encoding, compression and data analysis Author: GCHQ License: Apache License v2.0 (https://github.com/gchq/CyberChef/blob/master/LICENSE) Version: 10.5.2 Notes:

Data Dump

Website: https://www.digital-detective.net/datadump/ Description: Tool to extract segments of data from an image or device Author: Craig Wilson (https://www.digital-detective.net) License: Version: 2.2.23081.23 Notes: x86

DCode

Website: https://www.digital-detective.net/dcode Description: Timestamp encoder/decoder Author: Craig Wilson (https://www.digital-detective.net) License: Version: 5.5.21194.40 Notes:

Hex Editor Neo (Free)

Website: https://www.hhdsoftware.com Description: Hex Editor Author: HHD Software License: EULA (https://www.hhdsoftware.com/company/terms-of-use) Version: 7.37.00.8578 Notes:

HxD

Website: https://mh-nexus.de Description: Hex Editor Author: Mael Horz License: https://mh-nexus.de/en/about.php Version: 2.5.0.0 Notes:

iptools

Website: https://github.com/digitalsleuth/forensics_tools Description: IP / Hex / Dec Conversion tool Author: Corey Forman License: GNU General Public License v3.0 (https://github.com/digitalsleuth/forensics_tools/blob/master/LICENSE) Version: 1.1 Notes:

MemProcFS

Website: https://github.com/ufrisk/MemProcFS Description: Memory Process File System Author: Ulf Frisk License: GNU Affero GPL v3.0 - https://github.com/ufrisk/MemProcFS/blob/master/LICENSE Version: 5.8.7 Notes:

Passware Encryption Analyzer

Website: https://www.passware.com Description: Encryption detection tool for various file types Author: Passware - Dmitry Sumin License: EULA (https://support.passware.com/hc/en-us/articles/221742768-What-are-the-terms-of-the-end-user-license-agreement-for-Passware-software-) Version: 2023.3.1.3695 Notes:

photorec / testdisk

Website: https://www.cgsecurity.org/ Description: Raw data parsing tool Author: Christophe Grenier License: GNU General Public License v2.0 (https://git.cgsecurity.org/cgit/testdisk/tree/COPYING) Version: 7.1 Notes:

pyson4

Website: https://github.com/digitalsleuth/pyson4 Description: A jsonlz4 file parser for Firefox Author: Corey Forman License: GNU General Public License v3 (https://github.com/digitalsleuth/pyson4/blob/master/LICENSE) Version: 1.1 Notes: pyson4, pyson4.py

smi-parser

Website: https://github.com/digitalsleuth/smi-parser Description: Parses Caroolive SMI GPS files Author: Corey Forman License: GNU General Public License v3.0 (https://github.com/digitalsleuth/smi-parser/blob/main/LICENSE) Version: 1.1.0 Notes: Available, but not installed by default

synchrony

Website: https://github.com/relative/synchrony Description: Javascript Cleaner and Deobfuscator Author: relative License: GNU General Public License v3 (https://github.com/relative/synchrony/blob/master/LICENSE.md) Version: 2.4.2 Notes: Requires nodejs to install, command is 'synchrony'

time-decode

Website: https://github.com/digitalsleuth/time_decode Description: Python timestamp encode / decode utility Author: Corey Forman License: MIT License (https://github.com/digitalsleuth/time_decode/blob/master/LICENSE) Version: 4.2 Notes:

yara-python

Website: https://github.com/VirusTotal/yara-python Description: Analyze files by generating rules around data to be found Author: Victor M. Alvarez (plusvic) License: Apache License v2.0 (https://github.com/VirusTotal/yara-python/blob/master/LICENSE) Version: 4.2.3 Notes: