Packages that are used to nd data on physical disks or embedded memory.

Tool count: 84

BlackArch forensic
Name Version Description Homepage
aesfix 1.0.1 A tool to find AES key in RAM
aeskeyfind 1.0 A tool to find AES key in RAM
afflib 3.7.16 An extensible open format for the storage of disk images and related forensic information.
aimage 3.2.5 A program to create aff-images.
air 2.0.0 A GUI front-end to dd/dc3dd designed for easily creating forensic images.
autopsy 2.24 A GUI for The Sleuth Kit.
bmap-tools 3.4 Tool for copying largely sparse files using information from a block map file.
bulk-extractor 1.5.5 Bulk Email and URL extraction tool.
canari 3.2.2 A transform framework for maltego.
captipper 70.b08608d Malicious HTTP traffic explorer tool.
casefile 1.0.1 The little brother to Maltego without transforms, but combines graph and link analysis to examine links between manually added data to mind map your information
chaosmap 1.3 An information gathering tool and dns / whois / web server scanner
chntpw 140201 Offline NT Password Editor - reset passwords in a Windows NT SAM user database file
chromefreak 24.12745b1 A Cross-Platform Forensic Framework for Google Chrome
dc3dd 7.2.646 A patched version of dd that includes a number of features useful for computer forensics.
dcfldd DCFL (DoD Computer Forensics Lab) dd replacement with hashing
ddrescue 1.23 GNU data recovery tool
disitool 0.3 Tool to work with Windows executables digital signatures.
dumpzilla 03152013 A forensic tool for firefox.
eindeutig 20050628_1 Examine the contents of Outlook Express DBX email repository files (forensic purposes)
emldump 0.0.10 Analyze MIME files.
evtkit 8.af06db3 Fix acquired .evt - Windows Event Log files (Forensics).
exiv2 0.26 Exif, Iptc and XMP metadata manipulation library and tools
extundelete 0.2.4 Utility for recovering deleted files from ext2, ext3 or ext4 partitions by parsing the journal
foremost 1.5.7 A console program to recover files based on their headers, footers, and internal data structures
fridump 14.4e7d9a9 A universal memory dumper using Frida.
galleta 20040505_1 Examine the contents of the IE's cookie files for forensic purposes
grokevt 0.5.0 A collection of scripts built for reading Windows® NT/2K/XP/2K eventlog files.
guymager 0.8.8 A forensic imager for media acquisition.
imagemounter 354.29c9a01 Command line utility and Python package to ease the (un)mounting of forensic disk images.
indxparse 169.1b32736 A Tool suite for inspecting NTFS artifacts.
interrogate 0.0.4 A proof-of-concept tool for identification of cryptographic keys in binary material (regardless of target operating system), first and foremost for memory dump analysis and forensic usage.
iosforensic 1.0 iOS forensic tool
ipba2 032013 IOS Backup Analyzer
iphoneanalyzer 2.1.0 Allows you to forensically examine or recover date from in iOS device.
lazagne 294.11344b3 An open source application used to retrieve lots of passwords stored on a local computer.
lfle 24.f28592c Recover event log entries from an image by heurisitically looking for record structures.
limeaide 178.d332e10 Remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host.
mac-robber 1.02 A digital investigation tool that collects data from allocated files in a mounted file system.
magicrescue 1.1.9 Find and recover deleted files on block devices
make-pdf 0.1.7 This tool will embed javascript inside a PDF document.
malheur 0.5.4 A tool for the automatic analyze of malware behavior.
maltego An open source intelligence and forensics application, enabling to easily gather information about DNS, domains, IP addresses, websites, persons, etc.
malwaredetect 0.1 Submits a file's SHA1 sum to VirusTotal to determine whether it is a known piece of malware
mboxgrep 0.7.9 A small, non-interactive utility that scans mail folders for messages matching regular expressions. It does matching against basic and extended POSIX regular expressions, and reads and writes a variety of mailbox formats.
memdump 1.01 Dumps system memory to stdout, skipping over holes in memory maps.
memfetch 0.05b Dumps any userspace process memory without affecting its execution.
mimipenguin 109.8b95a58 A tool to dump the login password from the current linux user.
mobiusft 0.5.21 An open-source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions.
mp3nema 0.4 A tool aimed at analyzing and capturing data that is hidden between frames in an MP3 file or stream, otherwise noted as "out of band" data.
naft 0.0.9 Network Appliance Forensic Toolkit.
nfex 2.5 A tool for extracting files from the network in real-time or post-capture from an offline tcpdump pcap savefile.
ntdsxtract 34.7fa1c8c Active Directory forensic framework.
pasco 20040505_1 Examines the contents of Internet Explorer's cache files for forensic purposes
pcapxray 141.4f7d1c1 A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction.
pdf-parser 0.6.8 Parses a PDF document to identify the fundamental elements used in the analyzed file.
pdfbook-analyzer 2 Utility for facebook memory forensics.
pdfid 0.2.4 Scan a file to look for certain PDF keywords.
pdfresurrect 0.12 A tool aimed at analyzing PDF documents.
peepdf 0.3 A Python tool to explore PDF files in order to find out if the file can be harmful or not
pev 0.70 Command line based tool for PE32/PE32+ file analysis.
recoverjpeg 2.6.2 Recover jpegs from damaged devices.
recuperabit 38.3a7c133 A tool for forensic file system reconstruction.
reglookup 1.0.1 Command line utility for reading and querying Windows NT registries
replayproxy 1.1 Forensic tool to replay web-based attacks (and also general HTTP traffic) that were captured in a pcap file.
rifiuti2 0.6.1 A rewrite of rifiuti, a great tool from Foundstone folks for analyzing Windows Recycle Bin INFO2 file.
rkhunter 1.4.6 Checks machines for the presence of rootkits and other unwanted tools.
safecopy 1.7 A disk data recovery tool to extract data from damaged media.
scalpel 2.0 A frugal, high performance file carver
scrounge-ntfs 0.9 Data recovery program for NTFS file systems
skypefreak 33.9347a65 A Cross Platform Forensic Framework for Skype.
sleuthkit 4.6.1 File system and media management forensic analysis tools
swap-digger 27.2d67930 A tool used to automate Linux swap analysis during post-exploitation or forensics.
tchunt-ng 208.b8cf7fc Reveal encrypted files stored on a filesystem.
tekdefense-automater 88.42548cf IP URL and MD5 OSINT Analysis
testdisk 7.0 Checks and undeletes partitions + PhotoRec, signature based recovery tool
trid 2.24 An utility designed to identify file types from their binary signatures.
truehunter 11.c757b02 Detect TrueCrypt containers using a fast and memory efficient approach.
unhide 20130526 A forensic tool to find processes hidden by rootkits, LKMs or by other techniques.
vinetto 0.07beta A forensics tool to examine Thumbs.db files
volafox 143.5b42987 Mac OS X Memory Analysis Toolkit.
volatility 2.6 Advanced memory forensics framework
xplico 145.166379f Internet Traffic Decoder. Network Forensic Analysis Tool (NFAT).
zipdump 0.0.1 ZIP dump utility.