Introduction

The explosion of endpoints and escalation of attacks in general, has made DFIR a central capability within security strategies and threat hunting capabilities. These are some tools for digital forensics and incident response.

• First responder toolkit

• Audit trail tools

• SquashFS and fsfimage

• Imaging tools

• Carving tools

• Guymager

• Commercial tools

• RedLine

• Autopsy on Kali

• Autopsy on Windows

• Kroll Artifact Parser and Extractor (KAPE)

• Volatility

• Velociraptor

• TheHive project

• Libewf and ewf-tools

• BMC-tools

• libbde-utils

• Linux artifact analysis tools

• BusyBox (local)

• Google container tools