Frameworks
- DFF (Digital Forensics Framework) – an open-source platform for data retrieval and analysis.
- PowerForensics is a PowerShell-based utility intended for live disk forensic analysis.
- The Sleuth Kit (TSK) is a C-based library and collection of command-line tools for analyzing volume and file system data.
Real-Time Utilities
- grr (GRR Rapid Response) is a remote live forensics tool for incident response.
- mig (Mozilla InvestiGator) – a distributed real-time platform for investigating incidents on remote endpoints.
Windows Artifacts (Extracting Files, Downloads History, USB memory stick data, etc.)
- FastIR Collector is an all-in-one tool for harvesting Windows information (registry, file system, services, startup programs, etc.).
- FRED is a cross-platform Windows registry analysis utility.
- MFT Parsers is a tool facilitating comparative analysis of Master File Table information.
- MFTExtractor – another handy parser for the Master File Table.
- RecuperaBit reconstructs NTFS file systems.
- python-ntfs is a Python library for NTFS analysis.
OS X Analysis
- OS X Auditor is a popular free forensics tool supporting Mac OS X that parses and hashes various system artifacts.
Internet Artifacts
- chrome-url-dumper is intended for extracting different types of web surfing information from Google Chrome.
- Hindsight analyzes Google Chrome/Chromium history.