{"id":26560462,"url":"https://github.com/yogsec/digital-forensics-tools","last_synced_at":"2025-06-16T10:44:10.809Z","repository":{"id":283779785,"uuid":"952896977","full_name":"yogsec/Digital-Forensics-Tools","owner":"yogsec","description":"A curated list of essential digital forensics tools used for investigation, data recovery, and security analysis. These tools help in disk forensics, memory analysis, network monitoring, malware analysis, and more.","archived":false,"fork":false,"pushed_at":"2025-03-22T05:59:34.000Z","size":99,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-22T06:20:25.584Z","etag":null,"topics":["bug-bounty-tools","bugbounty","cybersecurity","cybersecurity-tools","digital-forensics","digital-forensics-tool","digital-forensics-tools","ethicalhacking","forensic-analysis","forensic-investigation","forensics","kali-linux","linux","osint","pentesting","pentesting-tools","yogsec"],"latest_commit_sha":null,"homepage":"https://linktr.ee/yogsec","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yogsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["yogsec"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":null,"custom":null}},"created_at":"2025-03-22T05:15:40.000Z","updated_at":"2025-03-22T06:01:48.000Z","dependencies_parsed_at":"2025-03-22T06:20:29.688Z","dependency_job_id":"177aa4c7-a32d-446c-bda0-bd90f31f89d6","html_url":"https://github.com/yogsec/Digital-Forensics-Tools","commit_stats":null,"previous_names":["yogsec/digital-forensics-tools"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FDigital-Forensics-Tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FDigital-Forensics-Tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FDigital-Forensics-Tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FDigital-Forensics-Tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yogsec","download_url":"https://codeload.github.com/yogsec/Digital-Forensics-Tools/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244959458,"owners_count":20538629,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty-tools","bugbounty","cybersecurity","cybersecurity-tools","digital-forensics","digital-forensics-tool","digital-forensics-tools","ethicalhacking","forensic-analysis","forensic-investigation","forensics","kali-linux","linux","osint","pentesting","pentesting-tools","yogsec"],"created_at":"2025-03-22T13:17:54.979Z","updated_at":"2025-03-22T13:17:55.633Z","avatar_url":"https://github.com/yogsec.png","language":null,"funding_links":["https://github.com/sponsors/yogsec","https://buymeacoffee.com/yogsec"],"categories":[],"sub_categories":[],"readme":"# šŸ•µļøā€ā™‚ļø Digital Forensics Tools\n\n![Digital Forensics TOols](https://media2.giphy.com/media/v1.Y2lkPTc5MGI3NjExOG90c3c1YmF3bW8xOWdmaGprdXdtNGVqMDNiNmhpN205OTE1OGdrdiZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/44cvOarMUnAfV9oU7A/giphy.gif)\n\nA curated list of essential **digital forensics tools** used for investigation, data recovery, and security analysis. These tools help in disk forensics, memory analysis, network monitoring, malware analysis, and more.\n\n# šŸ›  Disk Forensics Tools \n\n### šŸ” Disk Imaging \u0026 Cloning \n- **[Autopsy](https://www.sleuthkit.org/autopsy/)** ā€“ GUI-based forensic tool for disk analysis. \n- **[The Sleuth Kit (TSK)](https://www.sleuthkit.org/)** ā€“ Command-line toolkit for file system forensics. \n- **[FTK Imager](https://accessdata.com/solutions/digital-forensics/ftk-imager)** ā€“ Disk imaging and evidence collection. \n- **[dd (Data Dump)](https://man7.org/linux/man-pages/man1/dd.1.html)** ā€“ CLI tool for disk cloning and imaging. \n- **[dcfldd](https://sourceforge.net/projects/dcfldd/)** ā€“ Enhanced version of `dd` for forensics. \n- **[Guymager](https://guymager.sourceforge.io/)** ā€“ Fast forensic imaging tool with a GUI. \n\n### šŸ—‚ File System \u0026 Partition Analysis \n- **[TestDisk](https://www.cgsecurity.org/wiki/TestDisk)** ā€“ Recover lost partitions and repair disk structures. \n- **[PhotoRec](https://www.cgsecurity.org/wiki/PhotoRec)** ā€“ File recovery from storage media. \n- **[X-Ways Forensics](https://www.x-ways.net/forensics/)** ā€“ Advanced disk and file system analysis tool. \n- **[AccessData FTK (Forensic Toolkit)](https://accessdata.com/solutions/digital-forensics/ftk)** ā€“ Full forensic investigation suite. \n\n### šŸ”Ž Metadata \u0026 Hash Analysis \n- **[ExifTool](https://exiftool.org/)** ā€“ Extract metadata from files. \n- **[md5sum, sha256sum](https://man7.org/linux/man-pages/man1/md5sum.1.html)** ā€“ Verify file integrity with hash values. \n- **[Hashdeep](https://github.com/jessek/hashdeep)** ā€“ Compute and audit hashes for large datasets. \n\n### šŸ§© File Recovery \u0026 Carving \n- **[Foremost](https://foremost.sourceforge.net/)** ā€“ Recover deleted files based on headers, footers, and data structures. \n- **[Scalpel](https://github.com/sleuthkit/scalpel)** ā€“ File carving tool for deleted file recovery. \n- **[Recuva](https://www.ccleaner.com/recuva)** ā€“ User-friendly file recovery software. \n\n### šŸ”„ Live Disk Analysis \n- **[Mount Image Pro](https://www.mountimage.com/)** ā€“ Mount disk images for live forensic analysis. \n- **[OSForensics](https://www.osforensics.com/)** ā€“ Windows-based live forensic analysis tool. \n- **[CAINE (Computer Aided Investigative Environment)](https://www.caine-live.net/)** ā€“ Live Linux forensic distro with built-in tools. \n\n---\n\n# šŸ§  Memory Forensics Tools \n\n### šŸ” Memory Dumping Tools \n- **[DumpIt](https://www.comae.com/)** ā€“ One-click RAM dumping tool for Windows. \n- **[WinPmem](https://github.com/Velocidex/WinPmem)** ā€“ Windows memory acquisition tool. \n- **[LiME](https://github.com/504ensicsLabs/LiME)** ā€“ Extracts live memory from Linux systems. \n- **[AVML](https://github.com/microsoft/avml)** ā€“ Memory acquisition for Linux \u0026 Azure VMs. \n- **[OSForensics](https://www.osforensics.com/)** ā€“ RAM imaging and forensic analysis. \n\n### šŸ”¬ Memory Analysis Tools \n- **[Volatility](https://github.com/volatilityfoundation/volatility)** ā€“ Open-source framework for memory analysis. \n- **[Volatility 3](https://github.com/volatilityfoundation/volatility3)** ā€“ Python 3-based version with enhanced support. \n- **[Rekall](https://github.com/google/rekall)** ā€“ Memory forensic framework from Google. \n- **[MemProcFS](https://github.com/ufrisk/MemProcFS)** ā€“ Mounts memory dumps as a virtual file system. \n- **[Redline](https://www.fireeye.com/services/freeware/redline.html)** ā€“ Analyzes memory for malware infections. \n\n### šŸ¦  Malware \u0026 Process Analysis \n- **[Malfind](https://github.com/volatilityfoundation/volatility/wiki/Command-Reference#malfind)** ā€“ Detects malicious code injections. \n- **[YARA](https://github.com/VirusTotal/yara)** ā€“ Signature-based malware detection in RAM. \n- **[Strings](https://docs.microsoft.com/en-us/sysinternals/downloads/strings)** ā€“ Extracts readable text from memory dumps. \n- **[PE-sieve](https://github.com/hasherezade/pe-sieve)** ā€“ Detects injected malicious code. \n- **[HollowsHunter](https://github.com/hasherezade/hollows_hunter)** ā€“ Identifies process hollowing and malware injections. \n\n### šŸ“Š Memory Timeline \u0026 Log Analysis \n- **[Log2Timeline (Plaso)](https://github.com/log2timeline/plaso)** ā€“ Creates forensic timelines from memory artifacts. \n- **[Memtriage](https://github.com/SwiftOnSecurity/Memtriage)** ā€“ Rapid triage tool for incident response. \n- **[Efilter](https://github.com/google/efilter)** ā€“ Query and analyze memory artifacts efficiently. \n\n---\n\n# šŸŒ Network Forensics Tools \n\n### šŸ”Ž Packet Sniffers \u0026 Traffic Analysis \n- **[Wireshark](https://www.wireshark.org/)** ā€“ GUI-based packet analyzer for real-time network traffic analysis. \n- **[tcpdump](https://www.tcpdump.org/)** ā€“ Command-line packet sniffer for capturing network packets. \n- **[TShark](https://www.wireshark.org/docs/man-pages/tshark.html)** ā€“ CLI version of Wireshark for automated packet analysis. \n\n### šŸ•µļø Intrusion Detection \u0026 Network Security Monitoring \n- **[Zeek (Bro)](https://zeek.org/)** ā€“ Network traffic analysis tool for security monitoring. \n- **[Suricata](https://suricata.io/)** ā€“ High-performance network IDS, IPS, and NSM tool. \n- **[Snort](https://www.snort.org/)** ā€“ Open-source intrusion detection and prevention system (IDS/IPS). \n\n### šŸ› ļø Log Analysis \u0026 Network Flow Monitoring \n- **[Argus](https://openargus.org/)** ā€“ Network flow analysis tool for session data monitoring. \n- **[ELK Stack (Elasticsearch, Logstash, Kibana)](https://www.elastic.co/)** ā€“ Log collection and visualization for network logs. \n- **[Splunk](https://www.splunk.com/)** ā€“ Advanced log analysis and SIEM for real-time network forensics. \n\n### šŸ”“ Deep Packet Inspection \u0026 Protocol Analysis \n- **[NetworkMiner](https://www.netresec.com/?page=NetworkMiner)** ā€“ Passive network traffic analyzer for extracting forensic data. \n- **[Xplico](https://www.xplico.org/)** ā€“ Network forensic tool for reconstructing network sessions. \n- **[NetFlow Analyzer](https://www.manageengine.com/products/netflow/)** ā€“ Monitors and analyzes network traffic using NetFlow data. \n\n### šŸ“” Wireless Network Forensics \n- **[Kismet](https://www.kismetwireless.net/)** ā€“ Wireless network sniffer and intrusion detection tool. \n- **[Aircrack-ng](https://www.aircrack-ng.org/)** ā€“ Wi-Fi network security assessment and packet capturing. \n- **[WiFi Pineapple](https://shop.hak5.org/products/wifi-pineapple)** ā€“ Wireless network penetration testing and monitoring. \n\n### šŸ–„ļø Man-in-the-Middle (MitM) \u0026 Traffic Manipulation \n- **[ettercap](https://www.ettercap-project.org/)** ā€“ MitM attack tool for sniffing and network manipulation. \n- **[MITMf](https://github.com/byt3bl33d3r/MITMf)** ā€“ Advanced framework for network traffic interception and manipulation. \n- **[Bettercap](https://www.bettercap.org/)** ā€“ Swiss army knife for network forensics, pentesting, and MitM attacks. \n\n### šŸ“ā€ā˜ ļø Darknet \u0026 Deep Web Analysis \n- **[Tor](https://www.torproject.org/)** ā€“ Anonymity network used for deep web forensics. \n- **[ONIONScan](https://github.com/s-rah/onionscan)** ā€“ Deep web analysis and onion service scanning. \n\n---\n\n## šŸ“± **Mobile Forensics Tools** \n\n### šŸ” **Mobile Data Extraction \u0026 Analysis** \n- **[Cellebrite UFED](https://cellebrite.com/)** ā€“ Industry-standard tool for extracting data from mobile devices. \n- **[Magnet AXIOM](https://www.magnetforensics.com/)** ā€“ Mobile forensic analysis and recovery tool. \n- **[Oxygen Forensic Suite](https://www.oxygen-forensic.com/)** ā€“ Mobile data extraction, call logs, and app analysis. \n- **[XRY](https://www.msab.com/products/xry/)** ā€“ Mobile forensics tool for data extraction and decoding. \n- **[MOBILedit Forensic](https://www.mobiledit.com/forensic)** ā€“ Mobile device investigation with logical and physical extraction. \n- **[Belkasoft Evidence Center](https://belkasoft.com/ec)** ā€“ Extracts data from iOS, Android, and cloud services. \n\n### šŸ”§ **Android Forensics** \n- **[ADB (Android Debug Bridge)](https://developer.android.com/studio/command-line/adb)** ā€“ Command-line tool for interacting with Android devices. \n- **[Andriller](https://www.andriller.com/)** ā€“ Android pattern lock cracker and data extraction. \n- **[AFLogical](https://github.com/nowsecure/AFLogical)** ā€“ Open-source tool for logical data extraction from Android. \n- **[Frida](https://frida.re/)** ā€“ Dynamic instrumentation tool for Android reverse engineering. \n- **[Drozer](https://labs.withsecure.com/tools/drozer)** ā€“ Security testing framework for Android apps. \n- **[Apktool](https://github.com/iBotPeaches/Apktool)** ā€“ Reverse engineer APK files. \n\n### šŸ **iOS Forensics** \n- **[iLEAPP (iOS Logs, Events, And Properties Parser)](https://github.com/abrignoni/iLEAPP)** ā€“ Extracts logs and artifacts from iOS devices. \n- **[Checkm8 / Checkra1n](https://checkra.in/)** ā€“ Jailbreaking tool for forensic extraction. \n- **[Elcomsoft iOS Forensic Toolkit](https://www.elcomsoft.com/eift.html)** ā€“ Extracts data from iOS devices, even locked ones. \n- **[iExplorer](https://www.macroplant.com/iexplorer)** ā€“ Browse iOS file systems without jailbreaking. \n- **[Cydia Impactor](http://www.cydiaimpactor.com/)** ā€“ Install apps and exploit sideloading vulnerabilities. \n\n### šŸŒ **Cloud \u0026 Online Data Extraction** \n- **[Oxygen Forensic Cloud Extractor](https://www.oxygen-forensic.com/en/cloud-extractor)** ā€“ Extracts mobile data from cloud accounts. \n- **[Google Takeout](https://takeout.google.com/)** ā€“ Download data from Google services (Gmail, Drive, etc.). \n- **[iCloudExtractor](https://www.elcomsoft.com/eppb.html)** ā€“ Extracts backups from iCloud. \n\n### šŸ“¶ **SIM \u0026 IMEI Forensics** \n- **[SIM Cloning Tool](https://github.com/srdja/SIM-Tools)** ā€“ Clone and analyze SIM card data. \n- **[Oxygen SIM Detective](https://www.oxygen-forensic.com/en/products/oxygen-forensic-detective)** ā€“ Extracts data from SIM cards. \n- **[MOBILedit SIM Clone](https://www.mobiledit.com/sim-clone)** ā€“ Copies SIM data and recovers deleted messages. \n\n### šŸ” **Mobile App \u0026 Messaging Analysis** \n- **[WhatsApp Viewer](https://github.com/andreas-mausch/whatsapp-viewer)** ā€“ Extracts WhatsApp messages from databases. \n- **[UFED Physical Analyzer](https://www.cellebrite.com/en/ufed-physical-analyzer/)** ā€“ Analyzes mobile apps and messaging platforms. \n- **[SQLite Forensic Browser](https://github.com/sqlitebrowser/sqlitebrowser)** ā€“ Investigates SQLite databases from apps like WhatsApp and Telegram. \n- **[Paraben E3](https://paraben.com/e3-platform/)** ā€“ Extracts and analyzes messages from social media and chat apps. \n\n---\n\n# šŸ¦  Malware Forensics Tools \n\n### šŸ” **1. Static Analysis Tools** \n- **[IDA Pro](https://www.hex-rays.com/)** ā€“ Advanced disassembler and decompiler. \n- **[Ghidra](https://ghidra-sre.org/)** ā€“ Open-source reverse engineering framework. \n- **[Radare2](https://rada.re/n/)** ā€“ Binary analysis and reversing tool. \n- **[PEStudio](https://www.winitor.com/)** ā€“ Analyzes Windows executables for malware indicators. \n- **[Detect It Easy (DIE)](https://github.com/horsicq/Detect-It-Easy)** ā€“ Detects compiler and packer information. \n\n### āš™ļø **2. Dynamic Analysis Tools** \n- **[Cuckoo Sandbox](https://cuckoosandbox.org/)** ā€“ Automated malware sandbox. \n- **[Any.Run](https://any.run/)** ā€“ Interactive cloud-based malware analysis. \n- **[Joe Sandbox](https://www.joesecurity.org/)** ā€“ Advanced malware sandboxing. \n- **[FakeNet-NG](https://github.com/fireeye/flare-fakenet-ng)** ā€“ Simulates network services to capture malware behavior. \n\n### šŸ’¾ **3. Memory Forensics Tools** \n- **[Volatility](https://github.com/volatilityfoundation/volatility)** ā€“ Extracts artifacts from RAM dumps. \n- **[Rekall](https://github.com/google/rekall)** ā€“ Memory forensics and incident response. \n- **[RAM Capturer](https://www.magnetforensics.com/)** ā€“ Captures live RAM data. \n\n### šŸ”— **4. Malware Behavior Analysis** \n- **[Process Hacker](https://processhacker.sourceforge.io/)** ā€“ Monitors and manipulates processes. \n- **[ProcMon (Process Monitor)](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon)** ā€“ Tracks system activity in real-time. \n- **[Regshot](https://sourceforge.net/projects/regshot/)** ā€“ Compares registry snapshots. \n- **[APIMonitor](http://www.rohitab.com/apimonitor)** ā€“ Tracks API calls used by malware. \n\n### šŸ›  **5. Code \u0026 String Analysis Tools** \n- **[YARA](https://virustotal.github.io/yara/)** ā€“ Rule-based malware classification. \n- **[Floss](https://github.com/fireeye/flare-floss)** ā€“ Extracts obfuscated strings from malware. \n- **[Binwalk](https://github.com/ReFirmLabs/binwalk)** ā€“ Extracts and analyzes firmware. \n\n### šŸŒ **6. Online Malware Analysis Services** \n- **[VirusTotal](https://www.virustotal.com/)** ā€“ Multi-engine malware scanning. \n- **[Hybrid Analysis](https://www.hybrid-analysis.com/)** ā€“ Free cloud-based malware sandbox. \n- **[MalShare](https://malshare.com/)** ā€“ Public malware sample repository. \n- **[URLScan.io](https://urlscan.io/)** ā€“ Analyzes suspicious URLs for threats. \n\n---\n\n# ā˜ļø Cloud Forensics Tools \n\n### šŸ” **Cloud Logging \u0026 Monitoring** \n- **[AWS CloudTrail](https://aws.amazon.com/cloudtrail/)** ā€“ Tracks API activity and security events in AWS. \n- **[AWS GuardDuty](https://aws.amazon.com/guardduty/)** ā€“ Threat detection for AWS accounts. \n- **[Google Cloud Logging](https://cloud.google.com/logging/)** ā€“ Collects logs from Google Cloud services. \n- **[Azure Monitor](https://azure.microsoft.com/en-us/products/monitor/)** ā€“ Tracks Azure activity and performance. \n\n### šŸ—‚ **Cloud Storage Forensics** \n- **[Google Takeout](https://takeout.google.com/)** ā€“ Extracts data from Google accounts (Drive, Gmail, etc.). \n- **[AWS S3 Access Logs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html)** ā€“ Monitors object access in AWS S3. \n- **[Azure Storage Analytics](https://docs.microsoft.com/en-us/azure/storage/common/storage-analytics-logging?tabs=dotnet)** ā€“ Logs Azure Storage activity. \n\n### šŸ’¾ **Cloud Instance \u0026 Virtual Machine Forensics** \n- **[Velociraptor](https://www.velociraptor.app/)** ā€“ Endpoint forensics and cloud-based threat hunting. \n- **[AWS EC2 Instance Metadata](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html)** ā€“ Retrieves forensic metadata from AWS instances. \n- **[Google Cloud Compute Disk Snapshots](https://cloud.google.com/compute/docs/disks/create-snapshots)** ā€“ Captures VM snapshots for investigation. \n- **[Azure Disk Forensics](https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-forensic-best-practices)** ā€“ Forensic analysis of Azure virtual disks. \n\n### šŸ“” **Cloud Network Traffic Analysis** \n- **[Zeek (Bro)](https://zeek.org/)** ā€“ Network monitoring tool for cloud environments. \n- **[AWS VPC Flow Logs](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html)** ā€“ Captures AWS network traffic. \n- **[Google VPC Flow Logs](https://cloud.google.com/vpc/docs/using-flow-logs)** ā€“ Logs network traffic in Google Cloud. \n- **[Azure Network Watcher](https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview)** ā€“ Monitors traffic flow in Azure. \n\n### šŸ”‘ **Cloud Identity \u0026 Access Forensics** \n- **[AWS IAM Access Analyzer](https://aws.amazon.com/iam/access-analyzer/)** ā€“ Analyzes permissions and access control. \n- **[Google Cloud IAM Policy Analyzer](https://cloud.google.com/iam/docs/policy-analyzer)** ā€“ Checks permissions and access logs. \n- **[Azure Active Directory Audit Logs](https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs)** ā€“ Tracks identity-related activities. \n\n### āš ļø **Cloud Incident Response** \n- **[GRR Rapid Response](https://github.com/google/grr)** ā€“ Live forensics for cloud instances. \n- **[AWS Security Hub](https://aws.amazon.com/security-hub/)** ā€“ Centralized security alerts for AWS. \n- **[Google Chronicle](https://chronicle.security/)** ā€“ Threat intelligence for Google Cloud. \n- **[Azure Sentinel](https://azure.microsoft.com/en-us/products/microsoft-sentinel/)** ā€“ Cloud-native SIEM for security monitoring. \n\n---\n\n# šŸ“§ Email Forensics Tools \n\n### šŸ” Email Header Analysis \n- **[MHA (Message Header Analyzer)](https://mha.azurewebsites.net/)** ā€“ Online tool to analyze email headers and detect phishing. \n- **[MXToolbox](https://mxtoolbox.com/EmailHeaders.aspx)** ā€“ Extract sender IP, SPF, DKIM, and DMARC records. \n- **[Wireshark](https://www.wireshark.org/)** ā€“ Packet capture tool for SMTP, IMAP, and POP3 analysis. \n\n### šŸ“Ø Email Metadata Extraction \n- **[EmailTracer](https://github.com/sud0nick/EmailTracer)** ā€“ Python tool to extract and analyze email headers. \n- **[ExifTool](https://exiftool.org/)** ā€“ Extract metadata from email files (.eml, .msg). \n- **[Xplico](https://www.xplico.org/)** ā€“ Extract emails from network traffic captures. \n\n### šŸ“œ Log \u0026 Email File Analysis \n- **[Log2Timeline (Plaso)](https://github.com/log2timeline/plaso)** ā€“ Create timelines from email and system logs. \n- **[MailXaminer](https://www.mailxaminer.com/)** ā€“ Advanced email forensic investigation tool. \n- **[Forensic Email Collector](https://www.metaspike.com/forensic-email-collector/)** ā€“ Extract and analyze cloud-based emails. \n\n### šŸ”‘ Phishing \u0026 Malicious Email Investigation \n- **[PhishTool](https://phishtool.com/)** ā€“ Identify phishing attempts from email headers. \n- **[VirusTotal](https://www.virustotal.com/)** ā€“ Scan email attachments and URLs for malware. \n- **[YARA](https://virustotal.github.io/yara/)** ā€“ Detect patterns in malicious emails and attachments. \n\n### šŸ› ļø Email Data Recovery \u0026 Conversion \n- **[Mail Viewer](https://www.mitec.cz/mailview.html)** ā€“ View and extract data from .eml and .msg files. \n- **[Aid4Mail](https://www.aid4mail.com/)** ā€“ Convert, search, and analyze email data. \n- **[Kernel Email Recovery](https://www.nucleustechnologies.com/)** ā€“ Recover deleted or corrupted email data. \n\n---\n\n## šŸŒŸ Let's Connect!\n\nHello, Hacker! šŸ‘‹ We'd love to stay connected with you. Reach out to us on any of these platforms and let's build something amazing together:\n\nšŸŒ **Website:** [https://yogsec.github.io/yogsec/](https://yogsec.github.io/yogsec/) \nšŸ“œ **Linktree:** [https://linktr.ee/yogsec](https://linktr.ee/yogsec) \nšŸ”— **GitHub:** [https://github.com/yogsec](https://github.com/yogsec) \nšŸ’¼ **LinkedIn (Company):** [https://www.linkedin.com/company/yogsec/](https://www.linkedin.com/company/yogsec/) \nšŸ“· **Instagram:** [https://www.instagram.com/yogsec.io/](https://www.instagram.com/yogsec.io/) \nšŸ¦ **Twitter (X):** [https://x.com/yogsec](https://x.com/yogsec) \nšŸ‘Øā€šŸ’¼ **Personal LinkedIn:** [https://www.linkedin.com/in/cybersecurity-pentester/](https://www.linkedin.com/in/cybersecurity-pentester/) \nšŸ“§ **Email:** abhinavsingwal@gmail.com\n\n---\n\n## ā˜• Buy Me a Coffee\n\nā˜• **Support Us Here:** [https://buymeacoffee.com/yogsec](https://buymeacoffee.com/yogsec)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyogsec%2Fdigital-forensics-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyogsec%2Fdigital-forensics-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyogsec%2Fdigital-forensics-tools/lists"}