🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

TCP/IP packet demultiplexer. Download from:

Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.

FAT filesystems explore, extract, repair, and forensic tool

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.

An AFF4 C++ implementation.

Comae Hibernation File Decompressor

Paragon APFS SDK Free

Change CRC checksums of your files.

Hardware arduino based mouse emulator, preventing screen saver locking (eg. during forensic investigation)

Windows tool for low-level access to any floppy disks, and comfortable high-level access to some legacy filesystems (ZX Spectrum, MS-DOS, etc.).

灵取证是一款功能强大且专业的安卓设备数据取证工具，专门为执法部门、司法机构和安全调查人员设计开发。本工具采用先进的取证技术，确保数据提取过程的完整性和准确性。本工具的开发和使用严格遵循相关法律法规框架，确保所有数据提取操作都在合法授权范围内进行。通过专业的数据处理流程，为执法调查工作提供可靠的电子证据支持。

This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.

Process Hacker 2 Extended Edition — Advanced System Monitoring & Memory Management Suite. Enhanced Kernel-Level Access, Process Security Research Tool, and Real-Time Resource Analysis. Optimized for Windows 10/11 with Extended Plugin Support and Unlocked System Privileges.

An Incident Response tool to extract console command history and screen output buffer

It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving

A FUSE module to mount captured network data

A program and toolset to analyze iDevice USB sessions