Guide to Digital Forensics

Digital Forensics Guide

A guide covering Digital Forensics, including the applications, libraries and tools that will make you better and more efficient with Digital Forensics development.


Digital Forensics Learning Resources

Digital Forensics is the process of recovering and preserving material found on digital devices during the course of criminal investigations. Digital forensics tools include hardware and software tools used by law enforcement to collect and preserve digital evidence and support or refute hypotheses before courts.

Computer Forensics is the process of examining digital media in a forensic-like manner with the goal of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.

Mobile device forensics is the science of recovering digital evidence from a mobile device under forensically sound conditions using accepted methods. Mobile device forensics is an evolving specialty in the field of digital forensics.

Network forensics is a science that centers on the discovery and retrieval of information surrounding a cybercrime within a networked environment. Common forensic activities include the capture, recording and analysis of events that occurred on a network in order to establish the source of cyberattacks.

Database forensics is the process of interrogating a failed database and trying to reconstruct the metadata and page information from within a data set, whereas database recovery implies some kind of restorative process that will enable the database to become viable enough to be put back into a production environment, or healthy enough to provide a backup that can be used in a database restore.

Digital Forensics Tools, Libraries, and Frameworks

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card.

The Sleuth Kit® (TSK) is a library and collection of command line tools that allow you to investigate disk images. The core functionality of TSK allows you to analyze volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

PTK Forensics is a computer forensic framework for the command line tools in The Sleuth Kit, plus many more software modules.

DFF (Digital Forensics Framework) is free and open source computer forensics software built on top of a dedicated Application Programming Interface (API). It can be used by both professionals and non-experts to quickly and easily collect, preserve and reveal digital evidence without compromising systems and data.

Mobile Device Investigator® is a security tool that powers rapid investigations of iOS and Android devices by connecting a suspect device via USB port to perform logical acquisitions.

Digital Evidence Investigator® is a digital forensic tool for Windows, Linux, and macOS (including T2 and M1 chips). DEI collects digital evidence and presents it in a timeline view to tie the user to files and artifacts.

Digital Evidence Investigator® PRO is a tool that includes Windows, Linux and macOS (including T2 and M1 chips) computer forensic capabilities of Digital Evidence Investigator® and Mobile Device Investigator® iOS/Android capabilities in a single license.

Guymager is a free forensic imager for media acquisition. Its main features are: an easy user interface in different languages; very fast operation, due to a multi-threaded, pipelined design and multi-threaded data compression; generation of flat (dd), EWF (E01) and AFF images; support for disk cloning; free of charge and completely open source.

X-Ways Forensics is a commercial digital forensics platform for Windows.

X-Ways Investigator is a reduced, simplified version of X-Ways Forensics for police investigators, lawyers, and auditors.

WinHex is a hex editor, disk editor, and RAM editor, used as a computer forensics, data recovery, and IT security tool.

F-Response provides remote network drive analysis, remote RAM access, and cloud storage access.

AccessData Forensics Toolkit (FTK®) is built for speed, stability and ease of use. It provides comprehensive processing and indexing up front, so filtering and searching is faster than with any other product. This means you can zero in on the relevant evidence quickly, dramatically increasing your analysis speed.

OpenText™ EnCase™ is a commercial forensics platform. It offers support for evidence collection from over twenty-five different types of devices, including desktops, mobile devices and GPS. Within the tool, a forensic investigator can inspect the collected data and generate a wide range of reports based upon predefined templates.

Redline® is FireEye’s premier free endpoint security tool. It provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile. It collects information about running processes on a host and drivers from memory, and gathers other data such as metadata, registry data, tasks, services, network information and internet history to build a proper report.

Paraben’s Electronic Evidence Examiner—E3 is a comprehensive digital forensic platform designed to handle more data, more efficiently while adhering to Paraben’s paradigm of specialized focus of the entire forensic exam process. Paraben has capabilities in:

  • Desktop forensics
  • Email forensics
  • Smartphone analysis
  • Cloud analysis
  • IoT forensics
  • Triage and visualization

Bulk Extractor is a program that extracts features such as email addresses, credit card numbers, URLs, and other types of information from digital evidence files. It is a useful forensic investigation tool for many tasks such as malware and intrusion investigations, identity investigations and cyber investigations, as well as analyzing imagery and password cracking.

Registry Recon is a powerful computer forensics tool developed by Arsenal Recon. The tool is used to extract, recover, and parse registry data from Windows systems. The process of manually scouring Windows Registry files proves to be extremely time consuming and leaves gaping holes in the ability to recover critical information.

Volatility is a memory forensics framework. It is used for incident response and malware analysis. With this tool, you can extract information from running processes, network sockets, network connections, DLLs and registry hives. It also has support for extracting information from Windows crash dump files and hibernation files.

WindowsSCOPE is a commercial memory forensics and reverse engineering tool used for analyzing volatile memory. It is basically used for reverse engineering of malware. It provides the ability to analyze the Windows kernel, drivers, DLLs and virtual and physical memory.

Wireshark is the most widely used network traffic analysis tool in existence. It has the ability to capture live traffic or ingest a saved capture file.

Network Miner is an open source Network Forensic Analysis Tool (NFAT) for Windows (also Linux, macOS X, and FreeBSD). NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, and open ports without putting any traffic on the network.

Xplico is an open-source network forensic analysis tool. It is used to extract useful data from applications which use Internet and network protocols. It supports most of the popular protocols including HTTP, IMAP, POP, SMTP, SIP, TCP, UDP and others. Output data of the tool is stored in an SQLite database or MySQL database. It also supports both IPv4 and IPv6.

Oxygen Forensic Detective is a forensics tool that focuses on mobile devices but is capable of extracting data from a number of different platforms, including mobile, IoT, cloud services, drones, media cards, backups and desktop platforms. It uses physical methods to bypass device security (such as screen lock) and collects authentication data for a number of different mobile applications.

XRY is a collection of different commercial tools for mobile device forensics. XRY Logical is a suite of tools designed to interface with the mobile device operating system and extract the desired data. XRY Physical, on the other hand, uses physical recovery techniques to bypass the operating system, enabling analysis of locked devices.

SIFT Workstation is an open-source Linux virtual machine that aggregates free digital forensics tools. This platform was developed by the SANS Institute and its use is taught in a number of their courses.

HashKeeper is a central database repository of Forensic Intelligence donated by various sources, usually obtained by law enforcement during the course of forensic investigations of suspect systems.

Forensic Explorer Command Line (FEX CLI) is a forensic data processing engine used for computer forensics and electronic discovery. The FEX CLI can be run on anything from a single workstation to an enterprise-level virtual environment spawning multiple simultaneous processing instances.

FEX Memory Imager (FEX Memory) is a free imaging tool designed to capture the physical Random Access Memory (RAM) of a suspect’s running computer. This allows investigators to recover and analyze valuable artifacts found only in memory.

FEX Imager™ is a free forensic imaging program that will acquire or hash a bit-level forensic image with full MD5, SHA1, SHA256 hash authentication. It can acquire a physical drive, logical drive, folders and files, remote devices (using servlet), or re-acquire a forensic image.

Forensic Explorer™ is a flexible and easy to use GUI with advanced sort, filter, keyword search, data recovery and script technology. It can quickly process large volumes of data, automate complex investigation tasks, produce detailed reports and increase productivity.

Rehex is a cross-platform (Windows, Linux, Mac) hex editor for reverse engineering, and everything else.

DIRTY is a tool for augmenting decompiler output with learned variable names and types, developed by the Socio-Technical Research Using Data Excavation Lab at Carnegie Mellon University.


Reference: Digital Forensics Guide

  Posted by: @ESPYER

