30 open-source projects similar to sleuthkit/sleuthkit, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Sleuthkit alternative.
IPED Digital Forensic Tool. It is open-source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.
PowerForensics provides an all-in-one platform for live disk forensic analysis.
Forensics acquisition framework designed to be extensible and secure.
DFF (Digital Forensics Framework) is a forensics framework with both command-line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and to create reports about user and system activities.
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
1. The ADTimeline PowerShell script (1. Description; 2. Prerequisites; 3. Usage; 4. Files generated; 5. Custom groups) 2. The ADTimeline App for Splunk (1. Description; 2. Sourcetypes; 3. AD General information dashboards; 4. AD threat hunting dashboards; 5. Enhance your traditional event logs threat…)
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. Using raw RDP cache tile bitmaps extracted by tools such as ANSSI's BMC-Tools (https://github.com/ANSSI-FR/bmc-tools) as input, it provides a graphical user interface and…
androidqf (Android Quick Forensics) is a portable tool to simplify the acquisition of relevant forensic data from Android devices. It is the successor of Snoopdroid, re-written in Go and leveraging official adb binaries.
ripgrep is a command-line utility designed for searching through large file trees and source code repositories. It functions as a recursive text processor that traverses directories to locate and display matching patterns, serving as a high-performance alternative to traditional search tools. The tool distinguishes itself through a focus on execution speed and intelligent file handling. It utilizes a finite automata-based regular expression engine to ensure linear time complexity and employs hardware-level acceleration for literal byte sequence scanning. By integrating with version control sy
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
This is a repository to centralize DFIR-related mind maps created with any mind-mapping suite. The main point of this repo is not only to provide the mind maps for various DFIR tools and artifacts, but also to provide the source of the mind maps so others can use, improve, or modify them as they see fit for…
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
To configure DFIR ORC, you need: configuration files in XML format, located in the "config" directory; and items to embed (especially DFIR-Orc binaries in 32 and 64 bits), stored in the "tools" directory.
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
A toolkit for the post-mortem examination of Docker containers from forensic HDD copies.
CLI utility and Python module for analyzing log files and other data.
Procmon (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) is a very powerful monitoring tool for Windows, capable of capturing file system, registry, process/thread and network activity.
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID.
AIFT is a GUI, CLI, REST API, and MCP tool that helps DFIR analysts get oriented quickly. Point it at disk images, VM images, forensic archives, or triage packages; AIFT discovers what can be opened, parses artifacts with Dissect, and uses AI to turn parsed data into concrete leads and gaps for the investigator to verify.
Digital Forensics artifact repository.
OpenProject is a guide on using open-source tools for Incident Response (IR). This repo shares workflows, tool setups, and practical steps for detecting, analyzing, and handling security incidents. It’s made for security pros and anyone interested in building an effective IR toolkit using free…
`forensictools` is a toolkit designed for digital forensics, offering a wide array of tools. Its primary goal is to simplify the creation of a virtual environment for conducting forensic examinations.