Digital Forensics Tools
These products won a Top Rated award for having excellent customer satisfaction ratings. The list is based purely on reviews; there is no paid placement, and analyst opinions do not influence the rankings.
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.
Wireshark is an open source network troubleshooting tool.
Trellix Endpoint Security (ENS) solutions apply proactive threat intelligence and defenses across the entire attack lifecycle to keep organizations safer and more resilient.
Cellebrite, an Israeli company, offers a suite of digital forensics products for law enforcement or other entities conducting investigations requiring digital intelligence as evidence. Their machine learning tools are designed to extract and analyze forensic data from any mobile…
Autopsy is a Windows-based desktop digital forensics tool that is free, open source, and boasts features normally found in commercial digital forensics tools. Developer Basis Technology states the tool is extensible and comes with features that include keyword search, hash matching,…
NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows. It is developed and supported by Netresec, a small company headquartered in Sweden.
Volatility enables analyzing the runtime state of a system using the data found in volatile storage (RAM). It also provided a cross-platform, modular, and extensible platform to encourage further work. Another major goal of the project is to encourage the collaboration, innovation,…
FAW (for "Forensic Acquisition of Websites") is a suite of products that enable the user to capture content from webpages or mobile devices for use in forensics, and for other purposes.
X-Ways Forensics is an advanced work environment for computer forensic examiners and the vendor's flagship product; it runs on Windows. X-Ways Forensics is presented as not resource-hungry, fast, finds deleted files and search hits that the competitors will miss, and does not depend on setting…
Phonexia Orbis Investigator is an out-of-the-box solution for the rapid investigation of audio recordings by law enforcement agencies. Powered by voice biometrics and speech recognition, it identifies speakers and other key information in audio recordings automatically and provides…
The Query.AI Security Investigations Platform offers access to cybersecurity data wherever it is stored (in the cloud, third-party SaaS, or on-prem), regardless of vendor or technology, and without requiring centralization, supporting security investigations across real-time and…
Since 2001 Paraben has been a foundation in solutions for mobile devices, smartphones, email, hard drives, and gaming system forensics. Paraben’s focus on mobility led to many other areas of innovation including the research and development into the Internet of Things (IoT) with…
MSAB, headquartered in Stockholm, Sweden, offers digital forensics software and services focusing on extracting data from mobile devices, with an emphasis on retrieving high quality data, and retaining its integrity.
Magnet Forensics is a developer of digital investigation software that acquires, analyzes and shares evidence from computers, smartphones, tablets and IoT related devices, headquartered in Waterloo, Ontario. Magnet Forensics partners with law enforcement, government, military and…
Mobile Verification Toolkit (MVT) is a tool to facilitate the consensual forensic analysis of Android and iOS devices, for the purpose of identifying traces of compromise. It is free and open source.
OpenText EnCase Forensic is a court-ready solution for finding, decrypting, collecting and preserving forensic data from a wide variety of devices, while ensuring evidence integrity and integrating investigation workflows.
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a graphical interface.…
FTK, or Forensic Toolkit developed by AccessData, is a purpose-built forensics solution that interoperates with mobile device and e-discovery technology. FTK processes and indexes data upfront, eliminating wasted time waiting for searches to execute. AccessData was acquired by Exterro…
ProDiscover Forensics is a comprehensive digital forensics software that empowers investigators to capture key evidence from computer systems. ProDiscover has capabilities to handle all aspects of an in-depth forensic investigation to collect, preserve, filter, and analyze evidence.…
What are Digital Forensics Tools?
Digital forensic tools are investigative tools that discover, extract, preserve, decrypt, and analyze digital evidence. A variety of tools capture information from a wide range of sources, including computers, servers, smartphones, disk drives, memory, networks, files, databases, the internet, and IoT devices.
They can be deployed individually or as part of a suite of digital forensic tools and include both software and hardware tools. They automate the presentation of evidence and are able to support multiple operating systems including Windows, Linux, Unix, macOS, iOS, and Android.
Digital forensic tools are used by law enforcement for criminal investigations and legal proceedings and by incident response teams to manage cyber security incidents, most notably in the banking, financial services, and insurance industries.
These tools are often used preemptively to ascertain the vulnerability of IT infrastructure and as part of security preventive maintenance. Many of the tools provide guidance on how to address current incidents and prevent future ones.
Machine learning and AI-assisted analysis is a growing trend in digital forensics and is being used to analyze large amounts of data from the cloud, social networks, IoT devices, and video, and for pattern recognition to identify potential cybercrimes.
Digital Forensics Tools Features
Digital forensic tools will have many of these features.
- Discover, extract, preserve, decrypt, and analyze digital evidence
- Collect data from computers, servers, laptops, tablets, smartphones, mobile devices, smartwatches, disk drives, data storage systems and devices, memory, registries, networks, routers, files, databases, emails, texts, the internet, browsers, social networks, digital media, video, GPS systems, and IoT devices
- Live acquisition of evidence
- Password and hash cracking
- Bit copying
- Disk cloning
- File recovery for hidden or deleted data and unknown content
- Timeline analysis
- Data and metadata search
- Overcome encryption barriers and advanced locks
- Evidence preparation and reporting
- Custom workflows, configurable features, and tools
- Wizards, dashboards, and data visualization
- Support Windows, Linux, Unix, macOS, iOS, and Android
Digital Forensics Tools Comparison
Use Case: Law enforcement agencies require a multipurpose tool that supports electronic discovery, cyber forensics, analytics across a wide range of digital devices, remote capabilities, and evidence preparation and reporting. Commercial organizations that are focused on incident management and cybersecurity risk mitigation should select tools that include data and file recovery, network monitoring, and analysis.
Scope: Will the purchase of individual tools that target specific resources such as mobile devices, hard drives, memory, and networks best address your needs, or do you need a suite of tools that cover a wide range of digital resources?
Privacy and Security: The use of some sophisticated digital forensic tools can entail significant privacy and security-related risks, and as such these tools are only sold to law enforcement or governmental agencies.
Open-Source vs. Proprietary Tools: Many open-source digital forensic tools are free; however, using them requires that you have the expertise to do so. Proprietary tools can be more user-friendly, providing training and support that facilitate their use.
Many open-source tools are free. A basic suite of forensic tools begins at around $3,500 per license. Forensic tools for large organizations often require a price quote. Free trials are sometimes available.