Tag Archives: DFIR

ShadowExplorer – Tool to Browse Shadow Copies

ShadowExplorer allows you to browse the Shadow Copies created by the Windows Vista / 7 / 8 / 10 Volume Shadow Copy Service.

Recoll – Full-text Search Tool

Recoll is based on the very capable Xapian search engine library, for which it provides a powerful text extraction layer and a complete, yet easy to use, Qt graphical interface.

Carbon14 – OSINT dating tool for web pages

Carbon14 is a tool that allows an investigator to find the timestamps of static resources that are uploaded while writing articles.

CurrProcess – Tool to Display Currently Running Processes

The CurrProcess utility is another NirSoft product that you can add to your incident response toolkit.

CrowdResponse – Forensics Data Collection Tool

CrowdResponse is an automated tool that allows you to gather system information for incident response and security engagements. The tool may cover Windows-based operating systems or Mac OS X.

Belkasoft RAM Capturer: Volatile Memory Acquisition Tool

Belkasoft Live RAM Capturer is a tiny free forensic tool that allows you to reliably extract the entire contents of a computer’s volatile memory, even if it is protected by an active anti-debugging or anti-dumping system. Separate 32-bit and 64-bit builds are available

Imago Forensics – Tool to Extract Digital Evidences from Images

Imago Forensics is a Python tool that recursively extracts digital evidence from images. This tool is useful throughout a digital forensic investigation. If you need to extract digital evidence and you have a lot of images, through this tool you