⭐️ A curated list of awesome forensic analysis tools and resources
-
Updated
Oct 2, 2025
#
computer-forensics
Here are 44 public repositories matching this topic...
❄️ PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
python network-diagram security pcap packets network tor traffic forensics cybersecurity computer-forensics forensic-analysis tor-traffic
-
Updated
Mar 28, 2022 - Python
UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.
macos linux shell freebsd security terminal openbsd script esxi incident-response forensics dfir netscaler collector netbsd solaris aix triage computer-forensics live-response
-
Updated
Oct 6, 2025 - Shell
Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
-
Updated
Jan 18, 2022 - Python
-
Updated
Dec 23, 2024
unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
linux freebsd security unix openbsd script esxi incident-response posix forensics dfir solaris triage computer-forensics blueteam dfir-automation live-response forensics-tools
-
Updated
Jun 10, 2025 - Shell
This will compile a list of Android, iOS, Linux malware techniques for attacking and detection purposes.
-
Updated
Nov 29, 2022
Kali Linux in Docker + Ubuntu 22.04 in Docker for Bug Bounty, Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. Kali Linux inside with Docker with or without support with systemd, repository also contains Proof of Concept with kind (Kubernetes in Docker) to test Kali Linux with enabled systemd in K8s cluster
docker dockerfile ubuntu docker-compose makefile systemd cybersecurity bug-bounty security-vulnerability kali-linux vulnerability-detection vulnerability-scanners kali computer-forensics security-tools docker-kali-linux buildkit pentesting-tools trivy
-
Updated
Sep 18, 2024 - Dockerfile
A Volatility plugin for finding sqlite database rows
-
Updated
Jul 14, 2019 - Python
An updated C# port of X-Ways X-Tensions API.
-
Updated
Mar 12, 2018 - C#
The forensic analysis write-up / walkthrough for forensic disk image.
-
Updated
Jul 23, 2022
Extract valid or partially valid domain names and IPs from malicious or invalid URLs.
python url security extractor incident-response domain penetration-testing ip bug-bounty threat-hunting domain-name ethical-hacking computer-forensics threat-intelligence red-team-engagement defensive-security
-
Updated
Jun 19, 2023 - Python
Access Expert Witness Format (ewf/E01/L01) files using Golang
-
Updated
Mar 25, 2019 - Go
Guymager is a free forensic imager for media acquisition. It is based on libewf and libguytools.
-
Updated
Feb 23, 2022 - C++
Docker images of open source forensic tools
-
Updated
Nov 9, 2020 - Shell
LiveDiff is a portable system-level differencing tool for Microsoft Windows-based operating systems
-
Updated
Dec 7, 2018 - C#
Dump a process memory and extract data based on regular expressions.
windows security c-plus-plus incident-response reverse-engineering penetration-testing bug-bounty threat-hunting offensive-security ethical-hacking computer-forensics red-team-engagement defensive-security dump-memory windows-penetration-testing
-
Updated
Apr 25, 2023 - C++
A python-based tool to extract forensic info from ActivitiesCache.db (Windows Activity Timeline)
-
Updated
May 3, 2023 - Python
CFREDS case study for subject code: CTMTCS S2 P2
-
Updated
Nov 6, 2022
Parrot OS (Core/Security) or just Parrot Tools in Docker with the usage of Makefile, Dockerfiles and docker-compose.yaml for Bug Bounty, Penetration Testing, Security Research, Computer Forensics and Reverse Engineering, repository also contains Proof of Concept with kind (K8s in Docker) for ParrotOS with/without systemd in K8s cluster
docker kubernetes dockerfile docker-compose makefile systemd cybersecurity pentesting parrot computer-forensics parrot-os parrotos
-
Updated
Apr 13, 2024 - Makefile
Improve this page
Add a description, image, and links to the computer-forensics topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the computer-forensics topic, visit your repo's landing page and select "manage topics."