Digital Forensics Tools
Top Rated Products
(1-2 of 2)
Wireshark is a free and open source network troubleshooting tool.
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
All Products
(1-25 of 31)
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
Trellix Endpoint Security (ENS) solutions apply proactive threat intelligence and defenses across the entire attack lifecycle to keep organizations safer and more resilient.
Explore recently added products
NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows. It is developed and supported by Netresec, a small company headquartered in Sweden.
Autopsy is a Windows-based desktop digital forensics tool that is free, open source, and boasts features normally found in commercial digital forensics tools. Developer Basis Technology states the tool is extensible and comes with features that include keyword search, hash matching,…
Phonexia Orbis Investigator is an out-of-the-box solution for the rapid investigation of audio recordings by law enforcement agencies. Powered by voice biometrics and speech recognition, it identifies speakers and other key information in audio recordings automatically and provides…
Clari5 Graph Intelligence is a visual investigation solution that reveals hidden linkages between customers, accounts and transactions through common attributes shared by the entities such as social security numbers, phone numbers, IP addresses etc. Clari5 Graph Intelligence connects…
GoSecure Responder PRO is a forensics toolkit that helps reverse engineers understand exactly how malware was executed on specific machines, with the ability to disassemble and visualize the results. Further, reverse engineers can produce reports that demonstrate with granular, fine-…
The Query.AI Security Investigations Platform offers access to cybersecurity data wherever it is stored (in the cloud, third-party SaaS, or on-prem), regardless of vendor or technology, and without requiring centralization, supporting security investigations across real-time and…
Plixer Security Intelligence is a platform presented as more than an NDR (network detection and response) solution, but as a Deep Network Observability solution oriented around network protection, especially of use where IT environments are too decentralized, abstracted, and dynamic…
X-Ways Forensics is an advanced work environment for computer forensic examiners and our flagship product that runs on Windows. X-Ways Forensics is presented as not resource-hungry, fast, finds deleted files and search hits that the competitors will miss, and does not depend on setting…
Automated threat analysis of suspected malware and credential phishing threats. based on Twinwave, the software identifies and extracts associated forensics for threat detections.
ProDiscover Forensics is a comprehensive digital forensics software that empowers investigators to capture key evidence from computer systems. ProDiscover has capabilities to handle all aspects of an in-depth forensic investigation to collect, preserve, filter, and analyze evidence.…
THOR is a sophisticated and flexible compromise assessment tool. The manual analysis of many forensic images can be challenging. THOR speeds up this forensic analysis with more than 17,000 handcrafted YARA signatures, 400 Sigma rules, numerous anomaly detection rules and thousands…
Volatility enables analyzing the runtime state of a system using the data found in volatile storage (RAM). It also provided a cross-platform, modular, and extensible platform to encourage further work. Another major goal of the project is to encourage the collaboration, innovation,…
MSAB, headquartered in Stockholm, Sweden, offers digital forensics software and services focusing on extracting data from mobile devices, with an emphasis on retrieving high quality data, and retaining its integrity.
Joe Security specializes in the development of malware analysis systems for malware detection and forensics. Based on the idea of deep malware analysis and multi-technology platform, Joe Security offers technologies to analyze malware in depth. Joe Security provides malware analysis…
Basis Technology in Cambridge, MA offers Cyber Triage, an incident response software emphasizing the rapid and accurate collection of endpoint data, touted as better and more comprehensive than antivirus and ideal for non-forensics experts.
FAW (for "Forensic Acquisition of Websites) is a suite of products that enable the user to capture content from webpages or mobile devices for use in forensics, and for other purposes.
Mobile Verification Toolkit (MVT) is a tool to facilitate the consensual forensic analysis of Android and iOS devices, for the purpose of identifying traces of compromise. It is free and open source.
OpenText EnCase Forensic is a court-ready solution for finding, decrypting, collecting and preserving forensic data from a wide variety of devices, while ensuring evidence integrity and integrating investigation workflows.
Maltego is an open source intelligence (OSINT) and graphical link analysis tool for gathering and connecting information for investigative tasks, available as a Java application that runs on Windows, Mac and Linux.
Learn More About Digital Forensics Tools
What are Digital Forensics Tools?
Digital forensic tools are investigative tools that discover, extract, preserve, decrypt, and analyze digital evidence. A variety of tools capture information from a wide range of sources: including computers, servers, smartphones, disk drives, memory, networks, files, databases, the internet, and IoT devices.
They can be deployed individually or as part of a suite of digital forensic tools and include both software and hardware tools. They automate the presentation of evidence and are able to support multiple operating systems including Windows, Linux, Unix, macOS, iOS, and Android.
Digital forensic tools are used by law enforcement for criminal investigations and legal proceedings and by incident response teams to manage cyber security incidents, most notably in the banking, financial services, and insurance industries.
These tools are often used preemptively to ascertain the vulnerability of IT infrastructure and as part of security preventive maintenance. Many of the tools provide guidance on how to address current incidents and prevent future ones.
Machine learning and AI-assisted analysis is a growing trend in digital forensics and is being used to analyze large amounts of data from the cloud, social networks, IoT devices, and video, and for pattern recognition to identify potential cybercrimes.
Digital Forensics Tools Features
Digital forensic tools will have many of these features.
- Discover, extract, preserve, decrypt, and analyze digital evidence
- Collect data from computers, servers, laptops, tablets, smartphones, mobile devices, smartwatches, disk drives, data storage systems and devices, memory, registries, networks, routers, files, databases, emails, texts, the internet, browsers, social networks, digital media, video, GPS systems, and IoT devices
- Live acquisition of evidence
- Password and hash cracking
- Bit copying
- Disk cloning
- File recovery for hidden, deleted data, and unknown content
- Timeline analysis
- Data and metadata search
- Overcome encryption barriers and advanced locks
- Evidence preparation and reporting
- Custom workflows, configurable features, and tools
- Wizards, dashboards, and data visualization
- Support Windows, Linux, Unix, macOS, iOS, and Android
Digital Forensics Tools Comparison
Use Case: Law enforcement agencies require a multipurpose tool that supports electronic discovery, cyber forensics, analytics across a wide range of digital devices, remote capabilities, and evidence preparation and reporting. Commercial organizations that are focused on incident management and cybersecurity risk mitigation should select tools that include data and file recovery, network monitoring, and analysis.
Scope: Will the purchase of individual tools that target specific resources such as mobile devices, hard drives, memory, and networks best address your needs, or do you need a suite of tools that cover a wide range of digital resources?
Privacy and Security: The use of some sophisticated digital forensic tools can entail significant privacy and security-related risks and as such are only sold to law enforcement or governmental agencies.
Open-Source vs. Proprietary Tools: Many open-source digital forensic tools are free, however, that requires you have the expertise to utilize them. Proprietary tools can be more user-friendly providing training and support that facilitate their use.
Pricing Information
Many open-source tools are free. A basic suite of forensic tools begins at around $3,500 per license. Forensic tools for large organizations often require a price quote. Free trials are sometimes available.