Resources

Digital Forensics Resources

Curated tools, research papers, platforms, and guides — organised by category.

Forensic Suites & Platforms

Autopsy

Basis Technology

Open source digital forensics platform and GUI for The Sleuth Kit. Used worldwide by law enforcement.

Open SourceAnalysisSuite

The Sleuth Kit

Brian Carrier

Library and collection of command line tools for investigating disk images.

Open SourceCLIDisk

FTK Imager

Exterro

Free tool to preview recoverable data and create forensic images without altering evidence.

ImagingFreeWindows

Arsenal Image Mounter

Arsenal Recon

Open source solution for mounting disk image contents as complete disks in Windows.

ImagingWindows

Memory & Threat Hunting

Volatility Foundation

The world's most widely used memory forensics framework.

MemoryAdvanced

Velociraptor

Rapid7

Collect host-based state information using VQL queries for DFIR and threat hunting.

EndpointHuntingOpen Source

Hayabusa

Yamato Security

Fast Windows event log forensics timeline generator and threat hunting tool.

Log AnalysisIROpen Source

Network & Traffic Analysis

Wireshark

The world's foremost network protocol analyzer for real-time traffic capture and analysis.

NetworkOpen Source

Malware Traffic Analysis

Brad Duncan

PCAP files, malware samples, and detailed network traffic analysis tutorials.

MalwareNetworkPCAP

Triage & Artifact Collection

KAPE

Eric Zimmerman

Kroll Artifact Parser and Extractor — efficient triage tool for forensic artifacts.

TriageEZ Tools

CyberChef

GCHQ

The Cyber Swiss Army Knife — web app for encryption, encoding, compression and data analysis.

Data AnalysisEncoding

Communities & Research

Stark 4n6 START.ME

Stark 4n6

Comprehensive list of forensic resources including tools, articles, courses, and useful links.

ResourcesCommunityLinks

The Evidence Locker

Kevin Pagano

A DFIR image compendium — publicly available test data for the DFIR community.

EvidencePractice

SANS Digital Forensics

SANS Institute

Latest research papers and whitepapers on DFIR techniques and incident response.

ResearchAcademic

SANS Institute

SANS Institute

The largest provider of cybersecurity training, certifications, and resources in the world.

TrainingOrganization

SWGDE

SWGDE

Scientific Working Group on Digital Evidence — standards body for digital forensics.

StandardsOrganization

Forensics Linux Distributions

Tsurugi Linux

Tsurugi Linux

DFIR open source project with advanced digital forensic and OSINT tools

 SIFT Workstation

SIFT Workstation

SANS Investigative Forensics Toolkit — the gold standard IR workstation

 Parrot Security

Parrot Security

Lightweight distro with comprehensive DFIR and penetration testing tools

 CAINE

CAINE

Computer Aided INvestigative Environment for forensic investigations

 DEFT Linux

DEFT Linux

Digital Evidence & Forensics Toolkit for computer forensics and IR

 Evanole VM

Evanole VM

Virtual machine designed for digital forensics education and training

Know a great resource?

We're always expanding the list with high-quality tools and learning materials.

Suggest a Resource