🕵️ Forensics Tools

My subjective collection of incident response / digital forensics tools that I have used on training platforms such as Blue Team Labs Online, CyberDefenders, Hack The Box Sherlocks, Capture the Flag competitions, as well as in real life cases and incidents.

• Linux
• MacOS
• Memory
• Mobile
• Network
• Web Browsers
• Windows

🛠️ Support Tools

Forensic Linux Distributions

• SIFT (SANS Investigative Forensic Toolkit) Workstation
• CSI Linux
• Kali Linux
• PALADIN (Perform Action for Lookup and Analyze Digital Incident Natively)
• CAINE (Computer Aided INvestigative Environment)

Acquisition Tools

Disk Imaging

• FTK Imager (Windows)
• GuyMager (Linux)

Memory

• AVML (Acquire Volatile Memory for Linux)
• DumpIt
• FTK Imager
• LiME (Linux Memory Extractor)

Disk Images Analyzers/Viewers

• Autopsy
• Dissect
• FTK Imager
• The Sleuth Kit

Incident Response Management Tools

For Individuals

• Aurora Incident Response
• Kanvas for Incident Response

For Teams

• DFIR IRIS

Cyber Swiss army knife (data-related operations)

• CyberChef
  • Useful CyberChef recipes