Introduction

The explosion of endpoints and escalation of attacks in general, has made DFIR a central capability within security strategies and threat hunting capabilities. These are some tools for digital forensics and incident response.

• First responder toolkit

• Audit trail tools

• SquashFS and fsfimage

• Imaging tools

• Carving tools

• Guymager

Analysis (general)

• Commercial tools

• RedLine

• Autopsy on Kali

• Autopsy on Windows

• Kroll Artifact Parser and Extractor (KAPE)

• Volatility

• Velociraptor

• TheHive project

• Libewf and ewf-tools

Windows specific

• BMC-tools

• libbde-utils

Linux specific

• Linux artifact analysis tools

Container specific

• Google container tools

Mobile specific

• apkeep (local)

• jadx (local)

• droidlysis (local)

• androguard (local)

• PiRogue tool suite (3rd party)

• Pithus