A curated list of awesome forensic analysis tools and resources. Inspired by awesome-malware-analysis.

• Awesome Forensics
• Collections
• Tools
  • Distributions
  • Frameworks
  • Live forensics
  • Imageing
  • Carving
  • Memory Forensics
  • Network Forensics
  • Windows Artifacts
  • OS X Forensics
  • Hex Editors
  • Binary Converter
  • File Grammars
  • Disk image handling
  • Decryption
• Learn Forensics
  • CTFs
• Resources
  • File System Corpora
  • Websites
  • Twitter
  • Blogs
  • Other
• Related Awesome Lists
• Contributing

• Devon Ackerman's Definitive DFIR Compendium Project - Google Docs Sheets with lists of certifications, books, blogs, challenges and more
• dfir.training - Database with events, tools and other forensics material

• deft - Linux distribution for forensic analysis

• The Sleuth Kit - Tools for low level forensic analysis
• dff - Forensic framework

• mig - Distributed & real time digital forensics at the speed of the cloud
• grr - GRR Rapid Response: remote live forensics for incident response

• FTK Imager - Free imageing tool
• dcfldd - Improved version of dd
• dc3dd - Different improved version of dd

• bstrings - Improved strings utility
• photorec - File carving tool
• see Maleware Analysis List

• volatility - The memory forensic framework
• KeeFarce - Extract KeePass passwords from memory
• see Maleware Analysis List

• Wireshark - The network traffic analysis tool

• MFT-Parsers - Comparison of MFT-Parsers
• MFTExtractor - MFT-Parser
• python-ntfs - NTFS analysis
• NTFS journal parser
• NTFS USN Journal parser
• FastIR Collector - Collect artifacts on windows
• see Maleware Analysis List

• OSXAuditor

• HxD - Small, fast hex editor for Windows
• 0xED - Native hex editor for OS X
• wxHex Editor - Cross platform editor with file comparison
• iBored - Cross platform, sektor based hex editor
• Synalyze It! - Hex editor with templates for binary analysis
• Hexinator - Windows Version of Synalyze It!

• DateDecode - Convert binary data into differnt kinds of date formats

• WinHex Templates - Grammars for the WinHex editor and X-Ways
• Synalyse It! Grammars - File type grammars for the Synalyze It! editor
• HFSPlus Grammars - HFS+ grammars for Synalysis
• Contruct formats - Parser for different file formats for the python construct package
• 010 Editor Templates - Templates for the 010 Editor
• Sleuth Kit file system grammars - Grammars for different file systems
• TestDisk grammars - Grammars used by TestDisk and PhotoRec

• xmount - Convert between different disk image formats

• John the Ripper - Password cracker
• hashcat - Fast password cracker with GPU support

• Forensic Challanges - Mindmap of Forensic Challanges

• Forensics CTFs

• Digital Forensics Tool Testing Images
• The CFReDS Project
  • Hacking Case (4.5 GB NTFS Image)
• FAU Open Research Challenge Digital Forensics

• Forensics tools on Wikipedia
• Free computer forensic tools - Comprehensive list of free computer forensic tools

• @4n6ist
• @4n6k
• @505Forensics - Forensicator
• @aheadless
• @AppleExaminer - Apple OS X & iOS Digital Forensics
• @blackbagtech
• @carrier4n6 - Brian Carrier, author of Autopsy and the Sleuth Kit
• @CindyMurph - Detective & Digital Forensic Examiner
• @forensikblog - Computer forensic geek
• @HECFBlog - SANS Certified Instructor
• @Hexacorn - DFIR+Malware
• @hiddenillusion
• @iamevltwin - Mac Nerd, Forensic Analyst, Author & Instructor of SANS FOR518
• @jaredcatkinson - PowerShell Forensics
• @maridegrazia - Computer Forensics Examiner
• @sleuthkit
• @williballenthin
• @XWaysGuide

• thisweekin4n6.wordpress.com - Weekly updates for forensics

• /r/computerforensics/ - Subreddit for computer forensics

• Android Security
• AppSec
• CTFs
• "Hacking"
• Honeypots
• Incident-Response
• Infosec
• Malware Analysis
• PCAP Tools
• Pentesting
• Security

Pull requests and issues with suggestions are welcome!