Free Cyber Toolkit

Free Cyber Forensic Tools


CrowdStrike CrowdResponse

CrowdResponse is a lightweight console application that can be used as part of an incident response scenario to gather contextual information such as a process list, scheduled tasks, or Shim Cache.



Volatility (for Windows)

Volatility is a memory forensics framework for incident response and malware analysis that allows you to extract digital artefacts from volatile memory (RAM) dumps.



The Sleuth Kit (+Autopsy) (for Windows)

The Sleuth Kit is an open source digital forensics toolkit that can be used to perform in-depth analysis of various file systems.



Linux ‘dd’

dd can be used for various digital forensic tasks such as forensically wiping a drive (zeroing out a drive) and creating a raw image of a drive.



CAINE

CAINE (Computer Aided INvestigative Environment) is a Linux Live CD that contains a wealth of digital forensic tools. Features include a user-friendly GUI, semi-automated report creation and tools for Mobile Forensics, Network Forensics, Data Recovery and more.



ExifTool

ExifTool is a command-line application used to read, write or edit file metadata information. It is fast, powerful and supports a large range of file formats (although image file types are its speciality). ExifTool can be used for analysing the static properties of suspicious files in a host-based forensic investigation.



Free Hex Editor Neo

Free Hex Editor Neo is a basic hex editor that was designed to handle very large files.



LastActivityView

LastActivityView allows you to view what actions were taken by a user and what events occurred on the machine. Any activities such as running an executable file, opening a file/folder from Explorer, an application or system crash or a user performing a software installation will be logged.



PlainSight

PlainSight is a Live CD based on Knoppix (a Linux distribution) that allows you to perform digital forensic tasks such as viewing internet histories, data carving, USB device usage information gathering, examining physical memory dumps, extracting password hashes, and more.



HxD

HxD is a user-friendly hex editor that allows you to perform low-level editing and modification of a raw disk or main memory (RAM).