🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
Updated Jan 22, 2025 - C++
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
TCP/IP packet demultiplexer. Download from:
Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
FAT filesystem exploration, extraction, repair, and forensic tool
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
An AFF4 C++ implementation.
Comae Hibernation File Decompressor
Paragon APFS SDK Free
Change CRC checksums of your files.
Arduino-based hardware mouse emulator that prevents screen saver locking (e.g. during a forensic investigation)
Windows tool for low-level access to any floppy disks, and comfortable high-level access to some legacy filesystems (ZX Spectrum, MS-DOS, etc.).
This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.
An Incident Response tool to extract console command history and screen output buffer
It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and adds scanners for record carving
A FUSE module to mount captured network data
A program and toolset to analyze iDevice USB sessions