-
is an open and extensible file format designed to store disk images and associated metadata. This site also lists tools that work with AFF.
-
The Autopsy Forensic Browser is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit. Together, they can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3).
-
TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in.
-
mac-robber is a digital investigation tool that collects data from allocated files in a mounted file system.
-
a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to "boot up" the image or disk and gain an interactive, user-level perspective of the env.
-
This site is a reference for the use of open source software in digital investigations (a.k.a. digital forensics, computer forensics, incident response). This site is a tool repository for Open Source tools on both Windows and Unix platorms.
-
The main goal is to automate the digital forensic process to speed up the investigation and give tactical investigators direct access to the seized data through an easy to use search and browse interface.
-
The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file and volume system forensic analysis tools.
-
TULP2G is a .NET 2.0 based forensic software framework for extracting and decoding data stored in electronic devices. Along with the framework this version includes several plug-ins in the area of retrieving data from mobile phones.