{"id":13809112,"url":"https://github.com/mesquidar/ForensicsTools","last_synced_at":"2025-05-14T05:33:09.444Z","repository":{"id":39894548,"uuid":"283451672","full_name":"mesquidar/ForensicsTools","owner":"mesquidar","description":"A list of free and open forensics analysis tools and other resources","archived":false,"fork":false,"pushed_at":"2025-04-20T08:28:38.000Z","size":148,"stargazers_count":1291,"open_issues_count":0,"forks_count":171,"subscribers_count":36,"default_branch":"master","last_synced_at":"2025-05-06T18:04:35.943Z","etag":null,"topics":["awesome-list","computer-fore","digital-forensics","forensic-analysis","forensic-tools","forensics","forensics-investigations","free","image-analysis","linux","macos","metada","metadata","network","open-source","timeline","tools","windows"],"latest_commit_sha":null,"homepage":"https://mesquidar.github.io/ForensicsTools/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mesquidar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-29T09:09:15.000Z","updated_at":"2025-05-06T15:07:43.000Z","dependencies_parsed_at":"2024-04-08T01:09:55.623Z","dependency_job_id":"5051f7c9-1cdf-4944-904b-c84b8126d2e0","html_url":"https://github.com/mesquidar/ForensicsTools","commit_stats":{"total_commits":25,"total_committers":4,"mean_commits":6.25,"dds":0.12,"last_synced_commit":"3d5af97d86cdb916889258dd7c3db9f5aa1c663d"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesqui
dar%2FForensicsTools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesquidar%2FForensicsTools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesquidar%2FForensicsTools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesquidar%2FForensicsTools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mesquidar","download_url":"https://codeload.github.com/mesquidar/ForensicsTools/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253877509,"owners_count":21977643,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome-list","computer-fore","digital-forensics","forensic-analysis","forensic-tools","forensics","forensics-investigations","free","image-analysis","linux","macos","metada","metadata","network","open-source","timeline","tools","windows"],"created_at":"2024-08-04T01:02:02.231Z","updated_at":"2025-05-14T05:33:09.432Z","avatar_url":"https://github.com/mesquidar.png","language":null,"funding_links":[],"categories":["awesome-list","Other Lists"],"sub_categories":["TeX Lists"],"readme":"![](https://raw.githubusercontent.com/mesquidar/ForensicsTools/master/FORENSICS%20TOOLS.png)\n\n# Forensics Tools\nA list of free and open source forensics analysis tools and other resources. 
\n\n- [Forensics Tools](#forensics-tools)\n- [Collections](#collections)\n- [Tools](#tools)\n  - [Distributions](#distributions)\n  - [Frameworks](#frameworks)\n  - [Live forensics](#live-forensics)\n  - [Acquisition](#acquisition)\n  - [Imageing](#imageing)\n  - [Carving](#carving)\n  - [Memory Forensics](#memory-forensics)\n  - [Network Forensics](#network-forensics)\n  - [Windows Artifacts](#windows-artifacts)\n    - [NTFS/MFT Processing](#ntfsmft-processing)\n  - [OS X Forensics](#os-x-forensics)\n  - [Mobile Forensics](#mobile-forensics)\n  - [Docker Forensics](#docker-forensics)\n  - [Browser Artifacts](#browser-artifacts)\n  - [Timeline Analysis](#timeline-analysis)\n  - [Disk image handling](#disk-image-handling)\n  - [Decryption](#decryption)\n  - [Management](#management)\n  - [Picture Analysis](#picture-analysis)\n  - [Steganography](#steganography)\n  - [Metadata Forensics](#metadata-forensics)\n  - [Website Forensics](#website-forensics)\n- [Learn Forensics](#learn-forensics)\n  - [CTFs](#challenges)\n- [Resources](#resources)\n  - [Books](#books)\n  - [File System Corpora](#file-system-corpora)\n  - [Twitter](#twitter)\n  - [Blogs](#blogs)\n  - [Other](#other)\n- [Related Awesome Lists](#related-awesome-lists)\n\n## Collections\n\n- [DFIR – The definitive compendium project](https://aboutdfir.com) - Collection of forensic resources for learning and research. 
Offers lists of certifications, books, blogs, challenges and more\n- [DFIR-SQL-Query-Repo](https://github.com/abrignoni/DFIR-SQL-Query-Repo) - Collection of SQL query templates for digital forensics use by platform and application.\n- [dfir.training](https://www.dfir.training/) - Database of forensic resources focused on events, tools and more\n- :star: [ForensicArtifacts.com Artifact Repository](https://github.com/ForensicArtifacts/artifacts) - Machine-readable knowledge base of forensic artifacts\n\n## Tools\n\n- [Forensics tools on Wikipedia](https://en.wikipedia.org/wiki/List_of_digital_forensics_tools)\n- [Eric Zimmerman's Tools](https://ericzimmerman.github.io/#!index.md)\n\n## Challenges\n\n- [Blue Team Labs Online](https://blueteamlabs.online/)\n\n### Distributions\n\n- [bitscout](https://github.com/vitaly-kamluk/bitscout) - LiveCD/LiveUSB for remote forensic acquisition and analysis\n- [CAINE](https://www.caine-live.net/)\n- [GRML-Forensic](https://grml-forensic.org/)\n- [Remnux](https://remnux.org/) - Distro for reverse-engineering and analyzing malicious software\n- :star:[SANS Investigative Forensics Toolkit (sift)](https://github.com/teamdfir/sift) - Linux distribution for forensic analysis\n- [Santoku Linux](https://santoku-linux.com/) - Santoku is dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform.\n- [Sumuri Paladin](https://sumuri.com/software/paladin/) - Linux distribution that simplifies various forensics tasks in a forensically sound manner via the PALADIN Toolbox\n- [Tsurugi Linux](https://tsurugi-linux.org/) - Linux distribution for forensic analysis\n- [WinFE](https://www.winfe.net/home) - Windows Forensics environment\n- [Predator OS](http://predator-os.ir/) - Linux distribution for forensic analysis\n\n### Frameworks\n\n- :star:[Autopsy](http://www.sleuthkit.org/autopsy/) - SleuthKit GUI\n- [dff](https://github.com/arxsys/dff) - Forensic framework\n- 
[dexter](https://github.com/coinbase/dexter) - Dexter is a forensics acquisition framework designed to be extensible and secure\n- [IntelMQ](https://github.com/certtools/intelmq) - IntelMQ collects and processes security feeds\n- [Kuiper](https://github.com/DFIRKuiper/Kuiper) - Digital Investigation Platform\n- [Laika BOSS](https://github.com/lmco/laikaboss) - Laika is an object scanner and intrusion detection system\n- [RegRippy](https://github.com/airbus-cert/regrippy) - is a framework for reading and extracting useful forensics data from Windows registry hives.\n- [PowerForensics](https://github.com/Invoke-IR/PowerForensics) - PowerForensics is a framework for live disk forensic analysis\n- :star: [The Sleuth Kit](https://github.com/sleuthkit/sleuthkit) - Tools for low level forensic analysis\n- [turbinia](https://github.com/google/turbinia) - Turbinia is an open-source framework for deploying, managing, and running forensic workloads on cloud platforms\n- [IPED - Indexador e Processador de Evidências Digitais](https://github.com/sepinf-inc/IPED) - Brazilian Federal Police Tool for Forensic Investigations\n\n### Live forensics\n\n- [grr](https://github.com/google/grr) - GRR Rapid Response: remote live forensics for incident response\n- [Linux Expl0rer](https://github.com/intezer/linux-explorer) - Easy-to-use live forensics toolbox for Linux endpoints written in Python \u0026 Flask\n- [mig](https://github.com/mozilla/mig) - Distributed \u0026 real time digital forensics at the speed of the cloud\n- [osquery](https://github.com/osquery/osquery) - SQL powered operating system analytics\n\n### Acquisition\n\n- [artifactcollector](https://github.com/forensicanalysis/artifactcollector) - A customizable agent to collect forensic artifacts on any Windows, macOS or Linux system\n- [ArtifactExtractor](https://github.com/Silv3rHorn/ArtifactExtractor) - Extract common Windows artifacts from source images and VSCs\n- [AVML](https://github.com/microsoft/avml) - A portable 
volatile memory acquisition tool for Linux\n- [DFIR ORC](https://dfir-orc.github.io/) - Forensics artefact collection tool for systems running Microsoft Windows\n- [DumpIt](https://www.comae.com/dumpit/) - \n- [FastIR Collector](https://github.com/SekoiaLab/Fastir_Collector) - Collect artifacts on windows\n- [FireEye Memoryze](https://www.fireeye.com/services/freeware/memoryze.html) \n- [Fuji](https://github.com/Lazza/Fuji) - Graphical interface for the forensic logical acquisition of Mac computers\n- [LiME](https://github.com/504ensicsLabs/LiME) - Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, formerly called DMD\n- [Magnet RAM Capture](https://www.magnetforensics.com/resources/magnet-ram-capture/) - is a free imaging tool designed to capture the physical memory \n- :star:[RAM Capturer](https://belkasoft.com/ram-capturer) - by Belkasoft is a free tool to dump the data from a computer’s volatile memory. It’s compatible with Windows OS.\n- [UFADE](https://github.com/prosch88/UFADE) - Extract files from Apple devices on Windows, Linux and MacOS. Mostly a wrapper for pymobiledevice3. 
Creates iTunes-style backups and \"advanced logical backups\"\n- [Velociraptor](https://github.com/Velocidex/velociraptor) - Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries\n\n### Imageing\n\n- :star:[BelkaImager](https://belkasoft.com/es/bat) - by Belkasoft allows you to create images of hard and removable disks, Android and iOS devices and download data from the cloud.\n- [dc3dd](https://sourceforge.net/projects/dc3dd/) - Improved version of dd\n- [dcfldd](http://dcfldd.sourceforge.net) - Different improved version of dd (this version has some bugs; another version is on GitHub at [adulau/dcfldd](https://github.com/adulau/dcfldd))\n- [FTK Imager](https://accessdata.com/product-download/ftk-imager-version-3-4-3/) - Free imaging tool for Windows\n- :star:[Guymager](https://guymager.sourceforge.io/) - Open source version for disk imaging on Linux systems\n\n### Carving\n\n- [bstrings](https://github.com/EricZimmerman/bstrings) - Improved strings utility\n- [bulk_extractor](https://github.com/simsong/bulk_extractor) - Extracts information such as email addresses, credit card numbers and histograms of disk images\n- [floss](https://github.com/fireeye/flare-floss) - Static analysis tool to automatically deobfuscate strings from malware binaries\n- :star: [photorec](https://www.cgsecurity.org/wiki/PhotoRec) - File carving tool\n- [swap_digger](https://github.com/sevagas/swap_digger) - A bash script used to automate Linux swap analysis, automating swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, etc.\n\n### Memory Forensics\n\n- [FireEye RedLine](https://www.fireeye.com/services/freeware/redline.html) - provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.\n- [inVtero.net](https://github.com/ShaneK2/inVtero.net) - High speed memory analysis 
framework\n  developed in .NET supports all Windows x64, includes code integrity and write support\n- [KeeFarce](https://github.com/denandz/KeeFarce) - Extract KeePass passwords from memory\n- [MemProcFS](https://github.com/ufrisk/MemProcFS) - An easy and convenient way of accessing physical memory as files in a virtual file system.\n- [Rekall](https://github.com/google/rekall) - Memory Forensic Framework\n- :star:[volatility](https://github.com/volatilityfoundation/volatility) - The memory forensic framework\n- [VolUtility](https://github.com/kevthehermit/VolUtility) - Web App for Volatility framework\n\n### Network Forensics\n\n- [NetworkMiner](https://www.netresec.com/?page=Networkminer)\n- [Xplico](https://www.xplico.org/)\n- :star:[WireShark](https://www.wireshark.org/)\n\n### Windows Artifacts\n\n- [Beagle](https://github.com/yampelo/beagle) - Transform data sources and logs into graphs\n- [CrowdResponse](https://www.crowdstrike.com/resources/community-tools/crowdresponse/) - by CrowdStrike is a static host data collection tool\n- [FRED](https://www.pinguin.lu/fred) - Cross-platform Microsoft registry hive editor\n- [LastActivityView](https://www.nirsoft.net/utils/computer_activity_view.html) - LastActivityView by Nirsoft is a tool for Windows operating system that collects information from various sources on a running system, and displays a log of actions made by the user and events occurred on this computer. 
\n- [LogonTracer](https://github.com/JPCERTCC/LogonTracer) - Investigate malicious Windows logon by visualizing and analyzing Windows event log \n- [python-evt](https://github.com/williballenthin/python-evt) - Pure Python parser for classic Windows Event Log files (.evt)\n- [RegRipper3.0](https://github.com/keydet89/RegRipper3.0) - RegRipper is an open source Perl tool for parsing the Registry and presenting it for analysis.\n\n#### NTFS/MFT Processing\n\n- [MFT-Parsers](http://az4n6.blogspot.com/2015/09/whos-your-master-mft-parsers-reviewed.html) - Comparison of MFT-Parsers\n- [MFTExtractor](https://github.com/aarsakian/MFTExtractor) - MFT-Parser\n- [NTFS journal parser](http://strozfriedberg.github.io/ntfs-linker/)\n- [NTFSTool](https://github.com/thewhiteninja/ntfstool) - Complete NTFS forensics tool\n- [NTFS USN Journal parser](https://github.com/PoorBillionaire/USN-Journal-Parser)\n- [RecuperaBit](https://github.com/Lazza/RecuperaBit) - Reconstruct and recover NTFS data\n- [python-ntfs](https://github.com/williballenthin/python-ntfs) - NTFS analysis\n\n### OS X Forensics\n\n- [APFS Fuse](https://github.com/sgan81/apfs-fuse) - is a read-only FUSE driver for the new Apple File System\n- [APOLLO](https://github.com/mac4n6/APOLLO)\n- [Disk-Arbitrator](https://github.com/aburgh/Disk-Arbitrator) - is a Mac OS X forensic utility designed to help the user ensure correct forensic procedures are followed during imaging of a disk device\n- [MAC OSX Artifacts](https://docs.google.com/spreadsheets/d/1X2Hu0NE2ptdRj023OVWIGp5dqZOw-CfxHLOW_GNGpX8/edit#gid=1317205466) - locations artifacts by mac4n6 group\n- [mac_apt (macOS Artifact Parsing Tool)](https://github.com/ydkhatri/mac_apt) - Extracts forensic artifacts from disk images or live machines\n- [MacLocationsScraper](https://github.com/mac4n6/Mac-Locations-Scraper) - Dump the contents of the location database files on iOS and macOS.\n- [macMRUParser](https://github.com/mac4n6/macMRU-Parser) - Python script to parse the 
Most Recently Used (MRU) plist files on macOS into a more human friendly format.\n- [OSXAuditor](https://github.com/jipegit/OSXAuditor)\n- [OSX Collect](https://github.com/Yelp/osxcollector)\n\n\n### Mobile Forensics\n\n- [Andriller](https://github.com/den4uk/andriller) - is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices\n- [ALEAPP](https://github.com/abrignoni/ALEAPP) - An Android Logs Events and Protobuf Parser\n- [iOS Frequent Locations Dumper](https://github.com/mac4n6/iOS-Frequent-Locations-Dumper) - Dump the contents of the StateModel#.archive files located in /private/var/mobile/Library/Caches/com.apple.routined/\n- [MEAT](https://github.com/jfarley248/MEAT) - Perform different kinds of acquisitions on iOS devices\n- [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) - is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.\n- [OpenBackupExtractor](https://github.com/vgmoose/OpenBackupExtractor) - is an app for extracting data from iPhone and iPad backups.\n\n\n### Docker Forensics\n\n- [dof (Docker Forensics Toolkit)](https://github.com/docker-forensics-toolkit/toolkit) - Extracts and interprets forensic artifacts from disk images of Docker Host systems\n- [Docker Explorer](https://github.com/google/docker-explorer) - Extracts and interprets forensic artifacts from disk images of Docker Host systems\n\n### Browser Artifacts\n\n- [ChromeCacheView](https://www.nirsoft.net/utils/chrome_cache_view.html) - by Nirsoft is a small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache\n- [chrome-url-dumper](https://github.com/eLoopWoo/chrome-url-dumper) - Dump all locally stored information collected by Chrome\n- 
[Dumpzilla](http://www.dumpzilla.org/) - extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers\n- [hindsight](https://github.com/obsidianforensics/hindsight) - Internet history forensics for Google Chrome/Chromium\n- [unfurl](https://github.com/obsidianforensics/unfurl) - Extract and visualize data from URLs\n\n### Timeline Analysis\n\n- [DFTimewolf](https://github.com/log2timeline/dftimewolf) - Framework for orchestrating forensic collection, processing and data export using GRR and Rekall\n- :star: [plaso](https://github.com/log2timeline/plaso) - Extract timestamps from various files and aggregate them\n- [timeliner](https://github.com/airbus-cert/timeliner) - A rewrite of mactime, a bodyfile reader\n- [timesketch](https://github.com/google/timesketch) - Collaborative forensic timeline analysis\n\n### Disk image handling\n\n- [Disk Arbitrator](https://github.com/aburgh/Disk-Arbitrator) - A Mac OS X forensic utility designed to help the user ensure correct forensic procedures are followed during imaging of a disk device\n- [imagemounter](https://github.com/ralphje/imagemounter) - Command line utility and Python package to ease the (un)mounting of forensic disk images\n- [libewf](https://github.com/libyal/libewf) - Libewf is a library and some tools to access the Expert Witness Compression Format (EWF, E01)\n- [OSFMount](https://www.osforensics.com/tools/mount-disk-images.html) - allows you to mount local disk image files (bit-for-bit copies of an entire disk or disk partition) in Windows as a physical disk or a logical drive\n- [PancakeViewer](https://github.com/forensicmatt/PancakeViewer) - Disk image viewer based in dfvfs, similar to the FTK Imager viewer.\n- [xmount](https://www.pinguin.lu/xmount) - Convert between different disk image formats\n\n### Decryption\n\n- [hashcat](https://hashcat.net/hashcat/) - Fast password cracker with GPU support\n- [John the Ripper](https://www.openwall.com/john/) - Password cracker\n\n### 
Management\n\n- [dfirtrack](https://github.com/stuhli/dfirtrack) - Digital Forensics and Incident Response Tracking application, track systems\n- [Incidents](https://github.com/veeral-patel/incidents) - Web application for organizing non-trivial security investigations. Built on the idea that incidents are trees of tickets, where some tickets are leads\n\n### Picture Analysis\n\n- [Ghiro](http://www.getghiro.org/) - is a fully automated tool designed to run forensics analysis over a massive amount of images\n- [sherloq](https://github.com/GuidoBartoli/sherloq) - An open-source digital photographic image forensic toolset\n\n\n### Steganography\n\n- [Binwalk](https://github.com/ReFirmLabs/binwalk) - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.\n- [Foremost](https://github.com/korczis/foremost) - is a program to recover files based on their headers and footers\n- [Sonicvisualizer](https://www.sonicvisualiser.org)\n- [Steghide](https://github.com/StefanoDeVuono/steghide) - is a steganography program that hides data in various kinds of image and audio files\n- [Stegsolve](http://www.caesum.com/handbook/Stegsolve.jar) - analyze images in different planes by taking off bits of the image\n- [Wavsteg](https://github.com/samolds/wavsteg) - is a steganography program that hides data in various kinds of image and audio files\n- [Zsteg](https://github.com/zed-0xff/zsteg) - A steganographic coder for WAV files\n- [Audacity](https://www.audacityteam.org) - an easy-to-use, multi-track audio editor and recorder\n\n\n### Metadata Forensics\n\n- [ExifTool](https://exiftool.org/) by Phil Harvey\n- [Exiv2](https://www.exiv2.org) - Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata\n- [FOCA](https://github.com/ElevenPaths/FOCA) - FOCA is a tool used mainly to find metadata and hidden information in the documents\n\n### Website Forensics\n\n- [Freezing Internet 
Tool](https://github.com/fit-project/fit) - Python 3 application for forensic acquisition of online content, including web pages, emails, and social media.\n\n## Learn forensics\n\n- [Forensic challenges](https://www.amanhardikar.com/mindmaps/ForensicChallenges.html) - Mindmap of forensic challenges\n- [OpenLearn](https://www.open.edu/openlearn/science-maths-technology/digital-forensics/content-section-0?active-tab=description-tab) - Digital forensic course\n- [Training material](https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/technical-operational) - Online training material by European Union Agency for Network and Information Security for different topics (e.g. [Digital forensics](https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/technical-operational/#digital_forensics), [Network forensics](https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/technical-operational/#network_forensics))\n\n### Challenges\n\n- [AnalystUnknown Cyber Range](https://aucr.io/auth/login?next=%2F)\n- [Champlain College DFIR CTF](https://champdfa-ccsc-sp20.ctfd.io)\n- [Corelight CTF](https://www3.corelight.com/l/420832/2020-03-31/lcxk2q)\n- [CyberDefenders](https://cyberdefenders.org) \n- [DefCon CTFs](https://archive.ooo) - archive of DEF CON CTF challenges.\n- [Forensics CTFs](https://github.com/apsdehal/awesome-ctf/blob/master/README.md#forensics)\n- [IncidentResponse Challenge](https://incident-response-challenge.com)\n- [MagnetForensics CTF Challenge](https://www.magnetforensics.com/blog/magnet-weekly-ctf-challenge)\n- [MalwareTech Challenges](https://www.malwaretech.com/challenges)\n- [MalwareTraffic Analysis](https://www.malware-traffic-analysis.net/training-exercises.html)\n- [MemLabs](https://github.com/stuxnet999/MemLabs)\n- [NW3C Challenges](https://nw3.ctfd.io)\n- 
[PivotProject](https://pivotproject.org/challenges/digital-forensics-challenge)\n- [Precision Widgets of North Dakota Intrusion](https://betweentwodfirns.blogspot.com/2017/11/dfir-ctf-precision-widgets-of-north.html)\n- [ReverseEngineering Challenges](https://challenges.re)\n- [SANS Forensics Challenges](https://digital-forensics.sans.org/community/challenges)\n\n## Resources\n\n### Webs\n\n- [ForensicsFocus](https://www.forensicfocus.com/)\n- [InsecInstitute Resources](https://resources.infosecinstitute.com/)\n- [SANS Digital Forensics](https://digital-forensics.sans.org/)\n\n\n### Blogs\n\n- [Cyberforensics](https://cyberforensics.com/blog/)\n- [Cyberforensicator](https://cyberforensicator.com/)\n- [DigitalForensicsMagazine](https://digitalforensicsmagazine.com/blogs/)\n- [FlashbackData](https://www.flashbackdata.com/blog/)\n- [Netresec](https://www.netresec.com/index.ashx?page=Blog)\n- [roDigitalForensics](https://prodigital4n6.com/blog/)\n- [SANS Forensics Blog](https://www.sans.org/blog/?focus-area=digital-forensics)\n- [SecurityAffairs](https://securityaffairs.co/wordpress/) - blog by Pierluigi Paganini\n- [thisweekin4n6.wordpress.com](thisweekin4n6.wordpress.com) - Weekly updates for forensics\n- [Zena Forensics](https://blog.digital-forensics.it/)\n\n### Books\n\n*more at [Recommended Readings](http://dfir.org/?q=node/8) by Andrew Case*\n\n- [Network Forensics: Tracking Hackers through Cyberspace](https://www.pearson.com/us/higher-education/program/Davidoff-Network-Forensics-Tracking-Hackers-through-Cyberspace/PGM322390.html) - Learn to recognize hackers’ tracks and uncover network-based evidence\n- [The Art of Memory Forensics](https://www.memoryanalysis.net/amf) - Detecting Malware and Threats in Windows, Linux, and Mac Memory\n- [The Practice of Network Security Monitoring](https://nostarch.com/nsm) - Understanding Incident Detection and Response\n- [Cell Phone Investigations: Search Warrants, Cell Sites and Evidence 
Recovery](https://cryptome.org/2015/11/Cell-Phone-Investigations.pdf) - Cell Phone Investigations is the most comprehensive book written on cell phones, cell sites, and cell related data.\n\n### File System Corpora\n\n- [Digital Forensic Challenge Images](https://www.ashemery.com/dfir.html) - Two DFIR challenges with images\n- [Digital Forensics Tool Testing Images](http://dftt.sourceforge.net)\n- [FAU Open Research Challenge Digital Forensics](https://openresearchchallenge.org/digitalForensics/appliedforensiccomputinggroup)\n- [The CFReDS Project](https://www.cfreds.nist.gov)\n  - [Hacking Case (4.5 GB NTFS Image)](https://www.cfreds.nist.gov/Hacking_Case.html)\n\n### Twitter\n\n- [@4n6ist](https://twitter.com/4n6ist)\n- [@aheadless](https://twitter.com/aheadless)\n- [@AppleExaminer](https://twitter.com/AppleExaminer) - Apple OS X \u0026 iOS Digital Forensics\n- [@blackbagtech](https://twitter.com/blackbagtech)\n- [@carrier4n6](https://twitter.com/carrier4n6) - Brian Carrier, author of Autopsy and the Sleuth Kit\n- [@CindyMurph](https://twitter.com/CindyMurph) - Detective \u0026 Digital Forensic Examiner\n- [@EricRZimmerman](https://twitter.com/EricRZimmerman) - Certified SANS Instructor\n- [@forensikblog](https://twitter.com/forensikblog) - Computer forensic geek\n- [@HECFBlog](https://twitter.com/HECFBlog) - SANS Certified Instructor\n- [@Hexacorn](https://twitter.com/Hexacorn) - DFIR+Malware\n- [@hiddenillusion](https://twitter.com/hiddenillusion)\n- [@iamevltwin](https://twitter.com/iamevltwin) - Mac Nerd, Forensic Analyst, Author \u0026 Instructor of SANS FOR518\n- [@jaredcatkinson](https://twitter.com/jaredcatkinson) - PowerShell Forensics\n- [@maridegrazia](https://twitter.com/maridegrazia) - Computer Forensics Examiner\n- [@sleuthkit](https://twitter.com/sleuthkit)\n- [@williballenthin](https://twitter.com/williballenthin)\n- [@XWaysGuide](https://twitter.com/XWaysGuide)\n\n\n### Other\n\n- 
[/r/computerforensics/](https://www.reddit.com/r/computerforensics/) - Subreddit for computer forensics\n- [ForensicControl](https://www.forensiccontrol.com/free-software) - \n- [ForensicPosters](https://github.com/Invoke-IR/ForensicPosters) - Posters of file system structures\n- [HFS+ Resources](https://github.com/mac4n6/HFSPlus_Resources)\n- [mac4n6 Presentations](https://github.com/mac4n6/Presentations) - Presentation Archives for OS X and iOS Related Research\n- [SANS Forensics CheatSheets](https://digital-forensics.sans.org/community/cheat-sheets) - Different CheatSheets from SANS\n- [SANS Digital Forensics Posters](https://digital-forensics.sans.org/community/posters) - Digital Forensics Posters from SANS\n- [SANS WhitePapers](https://digital-forensics.sans.org/community/whitepapers) - White Papers written by forensic practitioners seeking GCFA, GCFE, and GREM Gold\n\n## Related Awesome Lists\n\n- [Android Security](https://github.com/ashishb/android-security-awesome)\n- [AppSec](https://github.com/paragonie/awesome-appsec)\n- [Awesome Forensics](https://github.com/cugu/awesome-forensics)\n- [CTFs](https://github.com/apsdehal/awesome-ctf)\n- [Hacking](https://github.com/carpedm20/awesome-hacking)\n- [Honeypots](https://github.com/paralax/awesome-honeypots)\n- [Incident-Response](https://github.com/meirwah/awesome-incident-response)\n- [Infosec](https://github.com/onlurking/awesome-infosec)\n- [Malware Analysis](https://github.com/rshipp/awesome-malware-analysis)\n- [Pentesting](https://github.com/enaqx/awesome-pentest)\n- [Security](https://github.com/sbilly/awesome-security)\n- [Social Engineering](https://github.com/v2-dev/awesome-social-engineering)\n- 
[YARA](https://github.com/InQuest/awesome-yara)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmesquidar%2FForensicsTools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmesquidar%2FForensicsTools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmesquidar%2FForensicsTools/lists"}