DFIR Tools
Featured Tool License Category Keywords 
ADF DEI PRO Field Tablet Proprietary Triage tablet, mobile ADF The ADF Cloud Platform Proprietary Reporting license, cloud, management ADF Digital Evidence Investigator (DEI) Proprietary Suite timeline, triage ADF Digital Evidence Investigator PRO (DEI PRO) Proprietary Suite triage, media exploitation ADF Mobile Device Investigator (MDI) Proprietary Suite mobile, analysis ADF MDI Field Tablet Proprietary Suite triage, mobile, tablet ADF Triage-G2 (TG2) Proprietary Triage media exploitation ADF Triage-G2 PRO (TG2 PRO) Proprietary Triage mobile, media exploitation, triage ADF Triage-Investigator (TINV) Proprietary Triage triage, reporting, analysis ADF Triage-Investigator PRO (TINV PRO) Proprietary Triage triage, reporting, analysis 
Arsenal Recon Gmail URL Decoder Free User Created email, gmail, URL Arsenal Recon Cybergate Log Decrypt Free Encryption log, decrypt Arsenal Recon Hive Recon Proprietary Analysis registry, hbin, hibernation, syscache, userassist Arsenal Recond Hibernation Recon Proprietary Analysis hibernation Arsenal Image Mounter Proprietary Image mounting Arsenal Image Mounter Free Image mounting Arsenal Recon NetWire Log Decoder Free Analysis log, netwire Arsenal Recon Sdba Parser Free Memory sdba Arsenal Recon Backstage Parser Free User Created MS Office, BackstageinAppNavCache Arsenal Recon ODC Recon Proprietary User Created MS Office, ODC Arsenal Recon HBIN Recon Proprietary Analysis HBIN, registry Arsenal Recon Registry Recon Proprietary Analysis Registry 
BasisTech Rosette Proprietary Text linguistics, language, text BasisTech Autopsy Free Suite forensic analysis BasisTech Konasearch Proprietary Text linguistics, language, text BasisTech Cyber Triage Proprietary IR triage, endpoints, threat, intrusion 
Belkasoft Remote Acquistion Proprietary Acquisition remote, ram, imaging, Belkasoft Ram Capturer Free Acquisition memory dump, ram, imaging Belkasoft Evidence Center X Proprietary Suite forensic analysis Belkasoft BELKAS21 Proprietary Suite forensic analysis Belkasoft Incident Investigations Proprietary IR forensic analysis Belkasoft Triage Proprietary Triage triage 
Forensic Notes Proprietary Reporting report writing, documentation 
Magnet AXIOM Cyber Proprietary IR forensic analysis Magnet AQUIRE Free Acquisition mobile, imaging Magnet Custom Artifact Generator Free Analysis artifacts Magnet AUTOMATE Proprietary Reporting Case management Magnet AUTOMATE ENTERPRISE Proprietary Reporting Case management Magnet Web Page Saver Free Analysis Internet, browser Magnet ATLAS Proprietary Reporting Case management Magnet Apple Warrant Return Assistant Free Reporting Case management Magnet DVR EXAMINER Proprietary Unique Devices DVR, analysis Magnet Encrypted Disk Detector Free Encryption encryption detection Magnet AXIOM Wordlist Generator Free Encryption password, decryption Magnet Hash Sets Manager Free Hash Hash set management Magnet DumpIt for Windows Free Memory memory, dump, Windows Magnet Dumpit-linux Free Memory memory, dump, Linux Magnet Process Capture Free Memory memory, imaging Magnet RAM Capture Free Memory RAM, memory, imaging Magnet RESPONSE Free IR RAM, endpoint, collection, acquisition Magnet SHIELD Free Reporting report writing, documentation Magnet REVIEW Proprietary Reporting case review, management Magnet AXIOM Proprietary Suite forensic analysis Magnet IGNITE Proprietary IR triage, endpoints, threat, intrusion Magnet OUTRIDER Proprietary Triage triage Magnet App Simulator Free Virtualization simulator Eric Zimmerman AmcacheParser Free Analysis amcache, artifact Eric Zimmerman AppCompatCacheParser Free Analysis appcopatcache, artifact Eric Zimmerman bstrings Free Analysis regex, search Cellebrite Cellebrite Commander Proprietary Reporting Case management Cellebrite Cellebrite Digital Collector Proprietary Acquisition triage, imaging Cellebrite Cellebrite Endpoint Inspector Proprietary IR endpoint, collection Cellebrite Cellebrite Frontliner Proprietary Reporting report writing, documentation Cellebrite Cellebrite Guardian Proprietary Reporting Case management Cellebrite Cellebrite Inspector Proprietary Analysis social media collection, cloud, Internet Cellebrite Cellebrite OSINT Solutions Proprietary OSINT Cellebrite Cellebrite Pathfinder Proprietary Reporting Case management Cellebrite Cellebrite Physical Analyzer Proprietary Suite forensic analysis Cellebrite Cellebrite Reader Proprietary Reporting Case management Cellebrite Cellebrite Responder Proprietary Acquisition report writing, documentation Cellebrite Cellebrite UFED Proprietary Suite forensic analysis Cellebrite Cellebrite UFED Cloud Proprietary Acquisition social media collection, cloud, Internet Eric Zimmerman EvtxECmd Free Analysis evtxecmd, log Exterro Exterro Forensic ToolKit (FTK) Proprietary Suite forensic analysis Exterro Exterro FTK Central Proprietary Suite forensic analysis Exterro Exterro FTK Connect Proprietary Reporting Case management Exterro Exterro FTK Enterprise Proprietary Enterprise forensic analysis Exterro Exterro FTK Imager Free Acquisition imaging, image mounting Eric Zimmerman EZViewer Free Analysis file viewer Eric Zimmerman Get-ZimmermanTools Free Misc misc Eric Zimmerman Hasher Free Hash hashing Eric Zimmerman iisGeoLocate Free Analysis geolocation Eric Zimmerman JLECmd Free Analysis JLECmd, artifact Eric Zimmerman JumpList Explorer Free Analysis jumplist, artifact Eric Zimmerman KAPE Free Suite forensic analysis Eric Zimmerman LECmd Free Analysis LNK, artifact Eric Zimmerman MFTECmd Free Analysis MFT, artifact Eric Zimmerman MFTExplorer Free Analysis MFT, artifact OpenText OpenText EnCase Endpoint Investigator Proprietary IR endpoint, collection OpenText OpenText Encase Forensic Proprietary Suite forensic analysis OpenText OpenText EnCase Mobile Investigator Proprietary Suite mobile, forensic analysis OpenText OpenText Tableau Forensic Proprietary Acquisition write blocker, imaging Oxygen Forensics Oxygen Forensic Cable Kit Proprietary Hardware hardware Oxygen Forensicss Oxygen Forensics Detective Proprietary Suite forensic analysis Oxygen Forensics Detective Network Proprietary Reporting license, cloud, management Oxygen Forensicss Oxygen Forensics KIT Proprietary Acquisition mobile, extraction Paraben Corporation Paraben Corporation E3 Proprietary Suite forensic analysis Paraben Corporation Paraben Corporation E3 Remote Imager Proprietary Acquisition remote, imaging Paraben Corporation Paraben Corporation E3: View Proprietary Reporting Case management Eric Zimmerman PECmd Free Analysis prefetch, artifact Eric Zimmerman RBCmd Free Analysis recyclebincache, artifact Eric Zimmerman RecentFileCacheParser Free Analysis recentfilecache, artifact Eric Zimmerman RECmd Free Analysis registry Eric Zimmerman Registry Explorer Free Analysis registry Eric Zimmerman RLA Free Analysis transaction logs, registry SANS SANS SIFT Workstation Free Suite forensic analysis Eric Zimmerman SBECmd Free Analysis shellbags, artifact Eric Zimmerman SDB Explorer Free Analysis shim database, artifact Eric Zimmerman ShellBags Explorer Free Analysis shellbags, artifact Eric Zimmerman SQLECmd Free Analysis SQLite Eric Zimmerman SrumECmd Free Analysis SRUDB, artifact Eric Zimmerman SumECmd Free Analysis MS user access logs Eric Zimmerman TimeApp Free Reporting current time Eric Zimmerman Timeline Explorer Free Reporting csv xlsx viewer Eric Zimmerman VSCMount Free Virtualization mount, vsc, virtual machine Eric Zimmerman WxTCmd Free Reporting Windows 10 timeline database, artifact X-Ways Forensics X-Ways Forensics Proprietary Suite forensic analysis X-Ways Forensics X-Ways Imager Proprietary Acquisition imaging X-Ways Forensics X-Ways Investigator Proprietary Suite forensic analysis X-Ways Forensics X-Ways WinHex Proprietary Suite forensic analysis Eric Zimmerman XWFIM Free Misc misc Stark4n6 SQLiteWalker Free Analysis SQLite, database