Learning Resources

Explore our curated collection of forensics and cybersecurity resources

All Resources

Autopsy Digital Forensics
Tool

Open source digital forensics platform and GUI for The Sleuth Kit and other digital forensics tools. Autopsy is used worldwide by law enforcement and corporate entities.

Basis Technology
Open Source, Analysis, Investigation

Memory Forensics with Volatility
Tool

The world’s most widely used memory forensics platform.

Advanced, Memory, Volatility

The Sleuth Kit
Tool

The Sleuth Kit® (TSK) is a library and collection of command-line tools that allow you to investigate disk images.

Brian Carrier
Open Source, CLI, Disk Analysis

Kroll Artifact Parser and Extractor (KAPE)
Tool

KAPE is an efficient and highly configurable triage program that will target essentially any device or storage location, find forensically useful artifacts, and parse them within a few minutes.

Eric Zimmerman
Open Source, Triage, Ez Tools

SANS Digital Forensics Research
Paper

Latest research papers and whitepapers on digital forensics techniques, malware analysis, and incident response methodologies.

SANS Institute
Research, Academic, Security

Malware and Network Traffic Analysis
Resources

Website focusing on network traffic analysis and malware analysis. Contains pcap files, malware samples, and detailed analysis tutorials.

Brad Duncan
Malware, Network, PCAP

Wireshark
Tool

Wireshark is a network protocol analyzer that captures and displays network traffic in real-time.

Wireshark Developers
Network, Traffic Analysis, Open Source

Hayabusa
Tool

Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool created by the Yamato Security group in Japan. Hayabusa means "peregrine falcon" in Japanese and was chosen as peregrine falcons are the fastest animal in the world, great at hunting and highly trainable.

Yamato Security
Log Analysis, IR, Open Source

FTK Imager
Tool

Free tool to preview recoverable data from a disk and create forensic images of computer data without affecting the original evidence.

Exterro
Imaging, Free, Windows

Arsenal Image Mounter
Tool

Arsenal Image Mounter is the first and only open source solution for mounting the contents of disk images as complete disks in Windows.

Arsenal Recon Ongoing
Imaging, Mounting, Windows

Velociraptor
Tool

Velociraptor is a tool for collecting host-based state information using the Velociraptor Query Language (VQL) queries.

Rapid7
Endpoint, Hunting, Open Source

CyberChef
Tool

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.

GCHQ
Data Analysis, Encoding, Encryption

SANS Institute
Organization

Launched in 1989 as a cooperative for information security thought leadership, SANS (SysAdmin, Audit, Network, Security) Institute is the largest and most trusted provider of cybersecurity training, certifications, programs, and resources in the world. Our ongoing mission is to empower current and future cybersecurity practitioners with practical skills and knowledge that make the digital world safer, and to support the global cybersecurity community at every stage of their journey.

SANS Institute Ongoing
Organization, Standards, Forensics, Training, Certifications

Scientific Working Group on Digital Evidence (SWGDE)
Organization

The Scientific Working Group on Digital Evidence is composed of members approved and voted in from all levels of government, the legal community, private industry, and academia involved in the digital and multimedia forensic profession. All prospective members must attend two Scientific Working Group on Digital Evidence meetings as a guest to be considered for membership.

SWGDE Ongoing
Organization, Standards, Forensics

Forensics Linux Distributions
