{"id":5880,"date":"2022-11-08T20:24:35","date_gmt":"2022-11-08T20:24:35","guid":{"rendered":"https:\/\/sajinshivdas.com\/security\/?p=5880"},"modified":"2023-03-27T08:34:29","modified_gmt":"2023-03-27T08:34:29","slug":"digital-forensics-tools-and-utilities","status":"publish","type":"post","link":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/","title":{"rendered":"Digital Forensics Tools and Utilities"},"content":{"rendered":"[vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/2&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; 
bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"#collections\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Collections<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"#Tools\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Tools<\/span><\/a>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"circle\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Distributions<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Frameworks<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Live Forensics<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">IOC Scanner<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Acquisition<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Imaging<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Carving<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Memory Forensics<\/span><\/li>\n<li 
style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Network Forensics<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Windows Artifacts<\/span>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">NTFS\/MFT Processing<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">OS X Forensics<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Mobile Forensics<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Docker Forensics<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Internet Artifacts<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Timeline Analysis<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Disk image handling<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Decryption<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Management<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; 
font-size: 11.0pt;\">Picture Analysis<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Learn Forensics<\/span>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"circle\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">CTFs and Challenges<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Resources<\/span>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"circle\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Books<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">File System Corpora<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Twitter<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Blogs<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Other<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; 
phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/2&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<blockquote>\n<h2><strong>Digital Forensics Tools and Utilities<\/strong><\/h2>\n<\/blockquote>\n[\/vc_column_text][nectar_single_testimonial testimonial_style=&#8221;basic&#8221; quote=&#8221;Free (mainly open source) forensic investigation tools and resources, hand-picked and organized for your convenience.&#8221;][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;collections&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; 
column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Collections<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/aboutdfir.com\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">AboutDFIR \u2013 The Definitive Compendium Project<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Collection of forensic resources for learning and research. 
Offers lists of certifications, books, blogs, challenges and more<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.dfir.training\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">DFIR.Training<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Database of forensic resources focused on events, tools and more<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: 'Segoe UI Emoji'; font-size: 11.0pt;\">\u2b50 <\/span><a href=\"https:\/\/github.com\/ForensicArtifacts\/artifacts\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">ForensicArtifacts.com Artifact Repository<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Machine-readable knowledge base of forensic artifacts<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; 
column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Tools<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/List_of_digital_forensics_tools\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Forensics tools on Wikipedia<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/ericzimmerman.github.io\/#!index.md\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Eric Zimmerman&#8217;s Tools<\/span><\/a><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; 
row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Distributions<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/vitaly-kamluk\/bitscout\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">bitscout<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; LiveCD\/LiveUSB for remote forensic acquisition and analysis<\/span><\/li>\n<li 
style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/remnux.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">REMnux<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Distro for reverse-engineering and analyzing malicious software<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/teamdfir\/sift\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SANS Investigative Forensics Toolkit (sift)<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Linux distribution for forensic analysis<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/tsurugi-linux.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Tsurugi Linux<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Linux distribution for forensic analysis<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.winfe.net\/home\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">WinFE<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Windows Forensics environment<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; 
gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Frameworks<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: 'Segoe UI Emoji'; font-size: 11.0pt;\">\u2b50<\/span><a href=\"http:\/\/www.sleuthkit.org\/autopsy\/\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Autopsy<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; SleuthKit GUI<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/github.com\/arxsys\/dff\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">dff<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Forensic framework<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/coinbase\/dexter\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">dexter<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Dexter is a forensics acquisition framework designed to be extensible and secure<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/hashlookup\/hashlookup-forensic-analyser\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">hashlookup-forensic-analyser<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A tool to analyse files from a forensic acquisition to find known\/unknown hashes from <\/span><a href=\"https:\/\/www.circl.lu\/services\/hashlookup\/\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">hashlookup<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> API or using a local Bloom filter.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/certtools\/intelmq\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">IntelMQ<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; IntelMQ collects and processes security feeds<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/DFIRKuiper\/Kuiper\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Kuiper<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> 
&#8211; Digital Investigation Platform<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/lmco\/laikaboss\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Laika BOSS<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Laika is an object scanner and intrusion detection system<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Invoke-IR\/PowerForensics\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PowerForensics<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; PowerForensics is a framework for live disk forensic analysis<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/tap-ir\/tapir\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">TAPIR<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; TAPIR (Trustable Artifacts Parser for Incident Response) is a multi-user, client\/server, incident response framework<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: 'Segoe UI Emoji'; font-size: 11.0pt;\">\u2b50 <\/span><a href=\"https:\/\/github.com\/sleuthkit\/sleuthkit\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">The Sleuth Kit<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Tools for low level forensic analysis<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/google\/turbinia\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">turbinia<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Turbinia is 
an open-source framework for deploying, managing, and running forensic workloads on cloud platforms<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/sepinf-inc\/IPED\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">IPED &#8211; Indexador e Processador de Evid\u00eancias Digitais<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Brazilian Federal Police Tool for Forensic Investigations<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/pjrinaldi\/wombatforensics\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Wombat Forensics<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Forensic GUI tool<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; 
tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Live Forensics<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/google\/grr\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">grr<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; GRR Rapid Response: remote live forensics for incident response<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/intezer\/linux-explorer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Linux Expl0rer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Easy-to-use live forensics toolbox for Linux endpoints written in Python &amp; Flask<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/mozilla\/mig\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">mig<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\"> &#8211; Distributed &amp; real time digital forensics at the speed of the cloud<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/osquery\/osquery\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">osquery<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; SQL powered operating system analytics<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/gmagklaras\/pofr\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">POFR<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The Penguin OS Flight Recorder collects, stores and organizes for further analysis process execution, file access and network\/socket endpoint data from the Linux Operating System.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/tclahr\/uac\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">UAC<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; UAC (Unix-like Artifacts Collector) is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; 
overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">IOC Scanner<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/codeyourweb\/fastfinder\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Fastfinder<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Fast customisable cross-platform suspicious file finder. 
Supports md5\/sha1\/sha256 hashes, literal\/wildcard strings, regular expressions and YARA rules<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Neo23x0\/Fenrir\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Fenrir<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Simple Bash IOC Scanner<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Neo23x0\/Loki\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Loki<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Simple IOC and Incident Response Scanner<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/fireeye.market\/apps\/211364\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Redline<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free endpoint security tool from FireEye<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.nextron-systems.com\/thor-lite\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">THOR Lite<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free IOC and YARA Scanner<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; 
id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Acquisition<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/forensicanalysis\/artifactcollector\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">artifactcollector<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A customizable agent to collect forensic artifacts on any Windows, macOS or Linux system<\/span><\/li>\n<li style=\"margin-top: 0; 
margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Silv3rHorn\/ArtifactExtractor\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ArtifactExtractor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Extract common Windows artifacts from source images and VSCs<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/microsoft\/avml\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">AVML<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A portable volatile memory acquisition tool for Linux<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/belkasoft.com\/ram-capturer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Belkasoft RAM Capturer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Volatile Memory Acquisition Tool<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.crowdstrike.com\/resources\/community-tools\/crowdresponse\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">CrowdResponse<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A static host data collection tool by CrowdStrike<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/dfir-orc.github.io\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">DFIR ORC<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Forensics artefact collection tool for systems running Microsoft Windows<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/github.com\/SekoiaLab\/Fastir_Collector\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FastIR Collector<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Collect artifacts on Windows<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/fireeye.market\/apps\/211368\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FireEye Memoryze<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free memory forensics software<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/504ensicsLabs\/LiME\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">LiME<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, formerly called DMD<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.magnetforensics.com\/resources\/magnet-ram-capture\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Magnet RAM Capture<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A free imaging tool designed to capture the physical memory<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/op7ic\/unix_collector\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">unix_collector<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A live forensic collection tool for UNIX-like systems, delivered as a single script.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/github.com\/Velocidex\/velociraptor\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Velociraptor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Velociraptor is a tool for collecting host-based state information using Velocidex Query Language (VQL) queries<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.securizame.com\/wintriage-the-triage-tool-for-windows-dfirers\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">WinTriage<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Wintriage is a live response tool that extracts Windows artifacts. It must be executed with local or domain administrator privileges, and running it from an external drive is recommended.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; 
tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Carving<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/EricZimmerman\/bstrings\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">bstrings<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Improved strings utility<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/simsong\/bulk_extractor\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">bulk_extractor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Extracts information such as email addresses, credit card numbers and histograms from disk images<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/mandiant\/flare-floss\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">floss<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\"> &#8211; Static analysis tool to automatically deobfuscate strings from malware binaries<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: 'Segoe UI Emoji'; font-size: 11.0pt;\">\u2b50 <\/span><a href=\"https:\/\/www.cgsecurity.org\/wiki\/PhotoRec\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">photorec<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; File carving tool<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/sevagas\/swap_digger\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">swap_digger<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A bash script used to automate Linux swap analysis, automating swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, etc.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; 
column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Imaging<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/sourceforge.net\/projects\/dc3dd\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">dc3dd<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Improved version of dd<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/dcfldd.sourceforge.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">dcfldd<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Different improved version of dd (this version has some bugs!, another version is on github <\/span><a href=\"https:\/\/github.com\/adulau\/dcfldd\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">adulau\/dcfldd<\/span><\/a><span lang=\"en-AE\" 
style=\"font-family: Calibri; font-size: 11.0pt;\">)<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/accessdata.com\/product-download\/ftk-imager-version-4-5\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FTK Imager<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free imaging tool for Windows<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: 'Segoe UI Emoji'; font-size: 11.0pt;\">\u2b50 <\/span><a href=\"https:\/\/guymager.sourceforge.io\/\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Guymager<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Open source tool for disk imaging on Linux systems<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; 
tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Memory Forensics<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/ShaneK2\/inVtero.net\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">inVtero.net<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; High speed memory analysis framework developed in .NET supports all Windows x64, includes code integrity and write support<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/denandz\/KeeFarce\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">KeeFarce<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Extract KeePass passwords from memory<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/ufrisk\/MemProcFS\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MemProcFS<\/span><\/a><span lang=\"en-AE\" 
style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An easy and convenient way of accessing physical memory as files in a virtual file system.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/google\/rekall\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Rekall<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Memory Forensic Framework<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/volatilityfoundation\/volatility\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">volatility<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The memory forensic framework<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/kevthehermit\/VolUtility\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">VolUtility<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Web App for Volatility framework<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column 
column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Network Forensics<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/kismetwireless\/kismet\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Kismet<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A passive wireless sniffer<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.netresec.com\/?page=Networkminer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">NetworkMiner<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Network Forensic Analysis Tool<\/span><\/li>\n<li style=\"margin-top: 
0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: 'Segoe UI Emoji'; font-size: 11.0pt;\">\u2b50 <\/span><a href=\"https:\/\/www.wireshark.org\/\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">WireShark<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A network protocol analyzer<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; 
tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Windows Artifacts<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/yampelo\/beagle\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Beagle<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Transform data sources and logs into graphs<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.pinguin.lu\/fred\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FRED<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Cross-platform Microsoft registry hive editor<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.nirsoft.net\/utils\/computer_activity_view.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">LastActivityView<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; LastActivityView by NirSoft is a tool for the Windows operating system that collects information from various sources on a running system, and displays a log of actions made by the user and events that occurred on this computer.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/JPCERTCC\/LogonTracer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">LogonTracer<\/span><\/a><span lang=\"en-AE\" 
style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Investigate malicious Windows logon by visualizing and analyzing Windows event log<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/williballenthin\/python-evt\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">python-evt<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Pure Python parser for classic Windows Event Log files (.evt)<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/keydet89\/RegRipper3.0\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">RegRipper3.0<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; RegRipper is an open source Perl tool for parsing the Registry and presenting it for analysis<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/airbus-cert\/regrippy\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">RegRippy<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A framework for reading and extracting useful forensics data from Windows registry hives<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; 
shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">NTFS\/MFT Processing<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/az4n6.blogspot.com\/2015\/09\/whos-your-master-mft-parsers-reviewed.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MFT-Parsers<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Comparison of MFT-Parsers<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/binaryforay.blogspot.com\/2018\/06\/introducing-mftecmd.html\"><span lang=\"en-AE\" 
style=\"font-family: Calibri; font-size: 11.0pt;\">MFTEcmd<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; MFT Parser by Eric Zimmerman<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/aarsakian\/MFTExtractor\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MFTExtractor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; MFT-Parser<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/strozfriedberg.github.io\/ntfs-linker\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">NTFS journal parser<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/PoorBillionaire\/USN-Journal-Parser\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">NTFS USN Journal parser<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Lazza\/RecuperaBit\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">RecuperaBit<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Reconstruct and recover NTFS data<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/williballenthin\/python-ntfs\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">python-ntfs<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; NTFS analysis<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; 
column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">OS X Forensics<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/sgan81\/apfs-fuse\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">APFS 
Fuse<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A read-only FUSE driver for the new Apple File System<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/ydkhatri\/mac_apt\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">mac_apt (macOS Artifact Parsing Tool)<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Extracts forensic artifacts from disk images or live machines<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/mac4n6\/Mac-Locations-Scraper\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MacLocationsScraper<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Dump the contents of the location database files on iOS and macOS<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/mac4n6\/macMRU-Parser\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">macMRUParser<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Python script to parse the Most Recently Used (MRU) plist files on macOS into a more human friendly format<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/jipegit\/OSXAuditor\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">OSXAuditor<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Yelp\/osxcollector\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">OSXCollector<\/span><\/a><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; 
column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Internet Artifacts<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/www.nirsoft.net\/utils\/chrome_cache_view.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ChromeCacheView<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/eLoopWoo\/chrome-url-dumper\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">chrome-url-dumper<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Dump all locally stored information collected by Chrome<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/obsidianforensics\/hindsight\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">hindsight<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Internet history forensics for Google Chrome\/Chromium<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/moaistory\/IE10Analyzer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">IE10Analyzer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; This tool can parse normal records and recover deleted records in WebCacheV01.dat.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/obsidianforensics\/unfurl\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">unfurl<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Extract and visualize data from URLs<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/github.com\/moaistory\/WinSearchDBAnalyzer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">WinSearchDBAnalyzer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; This tool can parse normal records and recover deleted records in Windows.edb.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; 
bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Docker Forensics<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/docker-forensics-toolkit\/toolkit\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">dof (Docker Forensics Toolkit)<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Extracts and interprets forensic artifacts from disk images of Docker Host systems<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/google\/docker-explorer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Docker Explorer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Extracts and interprets forensic artifacts from disk images of Docker Host systems<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; 
shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Internet Artifacts<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.nirsoft.net\/utils\/chrome_cache_view.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ChromeCacheView<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/eLoopWoo\/chrome-url-dumper\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\">chrome-url-dumper<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Dump all locally stored information collected by Chrome<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/obsidianforensics\/hindsight\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">hindsight<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Internet history forensics for Google Chrome\/Chromium<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/moaistory\/IE10Analyzer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">IE10Analyzer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; This tool can parse normal records and recover deleted records in WebCacheV01.dat.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/obsidianforensics\/unfurl\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">unfurl<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Extract and visualize data from URLs<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/moaistory\/WinSearchDBAnalyzer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">WinSearchDBAnalyzer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; This tool can parse normal records and recover deleted records in Windows.edb.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; 
column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Management<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/dfirtrack\/dfirtrack\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\">dfirtrack<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Digital Forensics and Incident Response Tracking application, track systems<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/veeral-patel\/incidents\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Incidents<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Web application for organizing non-trivial security investigations. Built on the idea that incidents are trees of tickets, where some tickets are leads<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; 
column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Timeline Analysis<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/log2timeline\/dftimewolf\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">DFTimewolf<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Framework for orchestrating forensic collection, processing and data export using GRR and Rekall<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: 'Segoe UI Emoji'; font-size: 11.0pt;\">\u2b50 <\/span><a href=\"https:\/\/github.com\/log2timeline\/plaso\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">plaso<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Extract timestamps from various files and aggregate them<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/binaryforay.blogspot.com\/2017\/04\/introducing-timeline-explorer-v0400.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Timeline Explorer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Timeline Analysis 
tool for CSV and Excel files. Built for SANS FOR508 students<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/airbus-cert\/timeliner\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">timeliner<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A rewrite of mactime, a bodyfile reader<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/google\/timesketch\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">timesketch<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Collaborative forensic timeline analysis<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; 
background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Disk image handling<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/aburgh\/Disk-Arbitrator\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Disk Arbitrator<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A Mac OS X forensic utility designed to help the user ensure correct forensic procedures are followed during imaging of a disk device<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/ralphje\/imagemounter\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">imagemounter<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Command line utility and Python package to ease the (un)mounting of forensic disk images<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/libyal\/libewf\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">libewf<\/span><\/a><span lang=\"en-AE\" style=\"font-family: 
Calibri; font-size: 11.0pt;\"> &#8211; Libewf is a library and some tools to access the Expert Witness Compression Format (EWF, E01)<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/forensicmatt\/PancakeViewer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PancakeViewer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Disk image viewer based on dfvfs, similar to the FTK Imager viewer<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.pinguin.lu\/xmount\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">xmount<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Convert between different disk image formats<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; 
tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Decryption<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/hashcat.net\/hashcat\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">hashcat<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Fast password cracker with GPU support<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.openwall.com\/john\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">John the Ripper<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Password cracker<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; 
text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Picture Analysis<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.getghiro.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Ghiro<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A fully automated tool designed to 
run forensics analysis over a massive amount of images<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/GuidoBartoli\/sherloq\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">sherloq<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An open-source digital photographic image forensic toolset<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; 
width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Metadata Forensics<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/exiftool.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ExifTool<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> by Phil Harvey<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/ElevenPaths\/FOCA\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FOCA<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; FOCA is a tool used mainly to find metadata and hidden information in the documents<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column 
column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Steganography<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.sonicvisualiser.org\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Sonicvisualizer<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/StefanoDeVuono\/steghide\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Steghide<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; is a steganography program that hides data in various kinds of image and audio files<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/github.com\/samolds\/wavsteg\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Wavsteg<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A steganographic coder for WAV files<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/zed-0xff\/zsteg\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Zsteg<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Detects steganographically hidden data in PNG and BMP files<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; 
column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Learn Forensics<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.amanhardikar.com\/mindmaps\/ForensicChallenges.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Forensic challenges<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Mindmap of forensic challenges<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.open.edu\/openlearn\/science-maths-technology\/digital-forensics\/content-section-0?active-tab=description-tab\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">OpenLearn<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Digital forensic course<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.enisa.europa.eu\/topics\/trainings-for-cybersecurity-specialists\/online-training-material\/technical-operational\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Training material<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Online training material by European Union Agency for Network 
and Information Security for different topics (e.g. <\/span><a href=\"https:\/\/www.enisa.europa.eu\/topics\/trainings-for-cybersecurity-specialists\/online-training-material\/technical-operational\/#digital_forensics\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Digital forensics<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><a href=\"https:\/\/www.enisa.europa.eu\/topics\/trainings-for-cybersecurity-specialists\/online-training-material\/technical-operational\/#network_forensics\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Network forensics<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">)<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; 
background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">CTFs and Challenges<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/champdfa-ccsc-sp20.ctfd.io\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Champlain College DFIR CTF<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/cyberdefenders.org\/blueteam-ctf-challenges\/?type=ctf\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">CyberDefenders<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/archive.ooo\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">DefCon CTFs<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; archive of DEF CON CTF challenges.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/apsdehal\/awesome-ctf\/blob\/master\/README.md#forensics\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Forensics CTFs<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: 
middle;\"><a href=\"https:\/\/www.magnetforensics.com\/blog\/magnet-weekly-ctf-challenge\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MagnetForensics CTF Challenge<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.malwaretech.com\/challenges\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MalwareTech Challenges<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.malware-traffic-analysis.net\/training-exercises.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MalwareTraffic Analysis<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/stuxnet999\/MemLabs\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MemLabs<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/nw3.ctfd.io\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">NW3C Challenges<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/betweentwodfirns.blogspot.com\/2017\/11\/dfir-ctf-precision-widgets-of-north.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Precision Widgets of North Dakota Intrusion<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/challenges.re\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ReverseEngineering Challenges<\/span><\/a><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; 
column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Resources<\/span><\/p>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; 
scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Web<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.forensicfocus.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ForensicsFocus<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 
0; vertical-align: middle;\"><a href=\"https:\/\/resources.infosecinstitute.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Infosec Institute Resources<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.sans.org\/digital-forensics-incident-response\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SANS Digital Forensics<\/span><\/a><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; 
width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Blogs<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.flashbackdata.com\/blog\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FlashbackData<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.netresec.com\/index.ashx?page=Blog\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Netresec<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.sans.org\/blog\/?focus-area=digital-forensics\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SANS Forensics Blog<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/securityaffairs.co\/wordpress\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SecurityAffairs<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; blog by Pierluigi Paganini<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/thisweekin4n6.wordpress.com\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">thisweekin4n6.wordpress.com<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Weekly updates for forensics<\/span><\/li>\n<li style=\"margin-top: 0; 
margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/blog.digital-forensics.it\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Zena Forensics<\/span><\/a><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; 
column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Books<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.pearson.com\/en-us\/subject-catalog\/p\/Davidoff-Network-Forensics-Tracking-Hackers-through-Cyberspace\/P200000009228\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Network Forensics: Tracking Hackers through Cyberspace<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Learn to recognize hackers\u2019 tracks and uncover network-based evidence<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.memoryanalysis.net\/amf\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">The Art of Memory Forensics<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Detecting Malware and Threats in Windows, Linux, and Mac Memory<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/nostarch.com\/nsm\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">The Practice of Network Security Monitoring<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Understanding Incident Detection and Response<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; 
row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">File System Corpora<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.ashemery.com\/dfir.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Digital Forensic Challenge Images<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Two DFIR challenges with 
images<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/sourceforge.net\/projects\/dftt\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Digital Forensics Tool Testing Images<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/cfreds.nist.gov\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">The CFReDS Project<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/cfreds.nist.gov\/Hacking_Case.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Hacking Case (4.5 GB NTFS Image)<\/span><\/a><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; 
background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Twitter<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/4n6ist\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@4n6ist<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/aheadless\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@aheadless<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/AppleExaminer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@AppleExaminer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Apple OS X &amp; iOS Digital Forensics<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/carrier4n6\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@carrier4n6<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Brian Carrier, author of Autopsy and the Sleuth Kit<\/span><\/li>\n<li style=\"margin-top: 0; 
margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/CindyMurph\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@CindyMurph<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Detective &amp; Digital Forensic Examiner<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/forensikblog\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@forensikblog<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Computer forensic geek<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/HECFBlog\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@HECFBlog<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; SANS Certified Instructor<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/Hexacorn\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@Hexacorn<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; DFIR+Malware<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/hiddenillusion\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@hiddenillusion<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/iamevltwin\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@iamevltwin<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Mac Nerd, Forensic Analyst, Author &amp; Instructor of SANS FOR518<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/twitter.com\/jaredcatkinson\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@jaredcatkinson<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; PowerShell Forensics<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/maridegrazia\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@maridegrazia<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Computer Forensics Examiner<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/sleuthkit\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@sleuthkit<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/williballenthin\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@williballenthin<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/XWaysGuide\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@XWaysGuide<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/twitter.com\/inginformatico\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">@inginformatico<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; DFIR analyst and enthusiast<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; 
text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Other<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.reddit.com\/r\/computerforensics\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">\/r\/computerforensics\/<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; 
Subreddit for computer forensics<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Invoke-IR\/ForensicPosters\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ForensicPosters<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Posters of file system structures<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.sans.org\/posters\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SANS Posters<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free posters provided by SANS<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Tools&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; 
background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Labs<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/op7ic\/BlueTeam.Lab\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">BlueTeam.Lab<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Blue Team detection lab created with Terraform and Ansible in Azure.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row]\n","protected":false},"excerpt":{"rendered":"<p>Sed condimentum massa in enim cursus, sed mattis elit malesuada. Lorem sapien acveh icula vestibulum, arcu magna aliquet velit. Nunc elementum mattis diam eu aliquam. Phasellus augue nulla, venenatis non hendrerit ac, volutpat sit amet sem. 
Donec eleifend nulla<\/p>\n","protected":false},"author":1,"featured_media":6206,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,2,1],"tags":[30,29,78],"class_list":{"0":"post-5880","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security","8":"category-digital-forensics","9":"category-utilities","10":"tag-cyber-security","11":"tag-digital-forensics","12":"tag-utilities"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Digital Forensics Tools and Utilities - Sajin Shivdas | Cybersecurity<\/title>\n<meta name=\"description\" content=\"Sed condimentum massa in enim cursus, sed mattis elit malesuada. Lorem sapien acveh icula vestibulum, arcu magna aliquet velit. Nunc elementum mattis diam eu aliquam. Phasellus augue nulla, venenatis non hendrerit ac, volutpat sit amet sem. Donec eleifend nulla\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Digital Forensics Tools and Utilities - Sajin Shivdas | Cybersecurity\" \/>\n<meta property=\"og:description\" content=\"Sed condimentum massa in enim cursus, sed mattis elit malesuada. Lorem sapien acveh icula vestibulum, arcu magna aliquet velit. Nunc elementum mattis diam eu aliquam. Phasellus augue nulla, venenatis non hendrerit ac, volutpat sit amet sem. 
Donec eleifend nulla\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/\" \/>\n<meta property=\"og:site_name\" content=\"Sajin Shivdas | Cybersecurity\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-08T20:24:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-27T08:34:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/11\/retinal-biometrics-technology-with-man-s-eye-digital-remix-1-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1500\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sajin Shivdas\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sajin Shivdas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"39 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/\"},\"author\":{\"name\":\"Sajin Shivdas\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#\\\/schema\\\/person\\\/af1d121cbedd3ce64369f21a359ff2e6\"},\"headline\":\"Digital Forensics Tools and 
Utilities\",\"datePublished\":\"2022-11-08T20:24:35+00:00\",\"dateModified\":\"2023-03-27T08:34:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/\"},\"wordCount\":7905,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#\\\/schema\\\/person\\\/af1d121cbedd3ce64369f21a359ff2e6\"},\"image\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/retinal-biometrics-technology-with-man-s-eye-digital-remix-1-1.jpg\",\"keywords\":[\"Cyber Security\",\"Digital Forensics\",\"Utilities\"],\"articleSection\":[\"Cyber Security\",\"Digital Forensics\",\"Utilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/\",\"url\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/\",\"name\":\"Digital Forensics Tools and Utilities - Sajin Shivdas | 
Cybersecurity\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/retinal-biometrics-technology-with-man-s-eye-digital-remix-1-1.jpg\",\"datePublished\":\"2022-11-08T20:24:35+00:00\",\"dateModified\":\"2023-03-27T08:34:29+00:00\",\"description\":\"Sed condimentum massa in enim cursus, sed mattis elit malesuada. Lorem sapien acveh icula vestibulum, arcu magna aliquet velit. Nunc elementum mattis diam eu aliquam. Phasellus augue nulla, venenatis non hendrerit ac, volutpat sit amet sem. Donec eleifend nulla\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/retinal-biometrics-technology-with-man-s-eye-digital-remix-1-1.jpg\",\"contentUrl\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/retinal-biometrics-technology-with-man-s-eye-digital-remix-1-1.jpg\",\"width\":1500,\"height\":1000},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/digital-forensics-tools-and-utilities\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":
1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Digital Forensics Tools and Utilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#website\",\"url\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/\",\"name\":\"sajinshivdas.com\",\"description\":\"Cybersecurity - Information security Resources, Articles and Latest News\",\"publisher\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#\\\/schema\\\/person\\\/af1d121cbedd3ce64369f21a359ff2e6\"},\"alternateName\":\"Sajin Shivdas\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#\\\/schema\\\/person\\\/af1d121cbedd3ce64369f21a359ff2e6\",\"name\":\"Sajin Shivdas\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png\",\"url\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png\",\"contentUrl\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png\",\"width\":1000,\"height\":500,\"caption\":\"Sajin Shivdas\"},\"logo\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png\"},\"sameAs\":[\"http:\\\/\\\/sajinshivdas.com\\\/security\",\"www.linkedin.com\\\/in\\\/sajin-shivdas\"]}]}<\/script>\n<!-- \/ Yoast SEO 
plugin. -->","yoast_head_json":{"title":"Digital Forensics Tools and Utilities - Sajin Shivdas | Cybersecurity","description":"Sed condimentum massa in enim cursus, sed mattis elit malesuada. Lorem sapien acveh icula vestibulum, arcu magna aliquet velit. Nunc elementum mattis diam eu aliquam. Phasellus augue nulla, venenatis non hendrerit ac, volutpat sit amet sem. Donec eleifend nulla","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/","og_locale":"en_US","og_type":"article","og_title":"Digital Forensics Tools and Utilities - Sajin Shivdas | Cybersecurity","og_description":"Sed condimentum massa in enim cursus, sed mattis elit malesuada. Lorem sapien acveh icula vestibulum, arcu magna aliquet velit. Nunc elementum mattis diam eu aliquam. Phasellus augue nulla, venenatis non hendrerit ac, volutpat sit amet sem. Donec eleifend nulla","og_url":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/","og_site_name":"Sajin Shivdas | Cybersecurity","article_published_time":"2022-11-08T20:24:35+00:00","article_modified_time":"2023-03-27T08:34:29+00:00","og_image":[{"width":1500,"height":1000,"url":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/11\/retinal-biometrics-technology-with-man-s-eye-digital-remix-1-1.jpg","type":"image\/jpeg"}],"author":"Sajin Shivdas","twitter_misc":{"Written by":"Sajin Shivdas","Est. 
reading time":"39 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/#article","isPartOf":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/"},"author":{"name":"Sajin Shivdas","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#\/schema\/person\/af1d121cbedd3ce64369f21a359ff2e6"},"headline":"Digital Forensics Tools and Utilities","datePublished":"2022-11-08T20:24:35+00:00","dateModified":"2023-03-27T08:34:29+00:00","mainEntityOfPage":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/"},"wordCount":7905,"commentCount":0,"publisher":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#\/schema\/person\/af1d121cbedd3ce64369f21a359ff2e6"},"image":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/#primaryimage"},"thumbnailUrl":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/11\/retinal-biometrics-technology-with-man-s-eye-digital-remix-1-1.jpg","keywords":["Cyber Security","Digital Forensics","Utilities"],"articleSection":["Cyber Security","Digital Forensics","Utilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/","url":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/","name":"Digital Forensics Tools and Utilities - Sajin Shivdas | 
Cybersecurity","isPartOf":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/#primaryimage"},"image":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/#primaryimage"},"thumbnailUrl":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/11\/retinal-biometrics-technology-with-man-s-eye-digital-remix-1-1.jpg","datePublished":"2022-11-08T20:24:35+00:00","dateModified":"2023-03-27T08:34:29+00:00","description":"Sed condimentum massa in enim cursus, sed mattis elit malesuada. Lorem sapien acveh icula vestibulum, arcu magna aliquet velit. Nunc elementum mattis diam eu aliquam. Phasellus augue nulla, venenatis non hendrerit ac, volutpat sit amet sem. Donec eleifend nulla","breadcrumb":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/#primaryimage","url":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/11\/retinal-biometrics-technology-with-man-s-eye-digital-remix-1-1.jpg","contentUrl":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/11\/retinal-biometrics-technology-with-man-s-eye-digital-remix-1-1.jpg","width":1500,"height":1000},{"@type":"BreadcrumbList","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/digital-forensics-tools-and-utilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sajinshivdas.com\/cybersecurity\/"},{"@type":"ListItem","position":2,"name":"Digital Forensics Tools and 
Utilities"}]},{"@type":"WebSite","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#website","url":"https:\/\/sajinshivdas.com\/cybersecurity\/","name":"sajinshivdas.com","description":"Cybersecurity - Information security Resources, Articles and Latest News","publisher":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#\/schema\/person\/af1d121cbedd3ce64369f21a359ff2e6"},"alternateName":"Sajin Shivdas","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sajinshivdas.com\/cybersecurity\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#\/schema\/person\/af1d121cbedd3ce64369f21a359ff2e6","name":"Sajin Shivdas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2023\/01\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png","url":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2023\/01\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png","contentUrl":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2023\/01\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png","width":1000,"height":500,"caption":"Sajin 
Shivdas"},"logo":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2023\/01\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png"},"sameAs":["http:\/\/sajinshivdas.com\/security","www.linkedin.com\/in\/sajin-shivdas"]}]}},"_links":{"self":[{"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/posts\/5880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/comments?post=5880"}],"version-history":[{"count":0,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/posts\/5880\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/media\/6206"}],"wp:attachment":[{"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/media?parent=5880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/categories?post=5880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/tags?post=5880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}