🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

TCP/IP packet demultiplexer. Download from:

Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.

FAT filesystems explore, extract, repair, and forensic tool

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.

An AFF4 C++ implementation.

Comae Hibernation File Decompressor

Paragon APFS SDK Free

Change CRC checksums of your files.

Hardware arduino based mouse emulator, preventing screen saver locking (eg. during forensic investigation)

Windows tool for low-level access to any floppy disks, and comfortable high-level access to some legacy filesystems (ZX Spectrum, MS-DOS, etc.).

灵取证是一款功能强大且专业的安卓设备数据取证工具，专门为执法部门、司法机构和安全调查人员设计开发。本工具采用先进的取证技术，确保数据提取过程的完整性和准确性。本工具的开发和使用严格遵循相关法律法规框架，确保所有数据提取操作都在合法授权范围内进行。通过专业的数据处理流程，为执法调查工作提供可靠的电子证据支持。

This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.

An Incident Response tool to extract console command history and screen output buffer

A FUSE module to mount captured network data

It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving

A program and toolset to analyze iDevice USB sessions