| Fibratus | Tool for exploration and tracing of the Windows kernel | https://github.com/rabbitstack/fibratus | Free | digital_forensics |
| Foremost | CLI tool to recover files based on their headers, footers, and internal data structures | https://sourceforge.net/projects/foremost/ | Free | digital_forensics |
| ForensicMiner | DFIR automation for collecting and analyzing evidence | https://github.com/securityjoes/ForensicMiner | Free | digital_forensics |
| FTK Imager | Investigate electronic devices; full disk imaging capabilities: preview and image hard drives from Windows and Linux computers, CDs, DVDs, thumb drives, and other USB; forensic image mounting: mount an image for a read-only view that leverages file explorer; preview data; RAM capture | | Paid | digital_forensics |
| MVT | Mobile Verification Toolkit; collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices | https://github.com/mvt-project/mvt | Free | digital_forensics |
| ResourcesExtract | Scans dll/ocx/exe files and extract all resources found, Windows only | | Free | digital_forensics |
| shellbags | Shellbag parser (Windows Registry Keys) | https://github.com/williballenthin/shellbags | Free | digital_forensics |
| Velociraptor | Endpoint visibility and collection tool | https://github.com/Velocidex/velociraptor | Free | digital_forensics |
| volatility | Volatile memory extraction utility | https://github.com/volatilityfoundation/volatility | Free | digital_forensics |
| Andriller | Software utility with a collection of forensic tools for smartphones; performs read-only, non-destructive acquisition | https://github.com/den4uk/andriller | Free | digital_forensics |
| Cerbero Profiler | File analyzer and inspector | | Paid | digital_forensics |
| ds_store_exp | Extract files from .DS_Store recursively | https://github.com/lijiejie/ds_store_exp | Free | digital_forensics |
| EML analyzer | Analyze EML files: headers, bodies, attachments; extract IOCs; identify suspicious attachments | https://github.com/ninoseki/eml_analyzer | Free | digital_forensics |
| extundelete | Tool to recover deleted files from an ext3 or ext4 partition | https://sourceforge.net/projects/extundelete/ | Free | digital_forensics |
| rekall | Volatile memory extraction utility | https://github.com/google/rekall | Free | digital_forensics |
| rekall (Fireeye fork) | Fork of rekall with support for Windows 10 memory compression | https://github.com/fireeye/win10_rekall | Free | digital_forensics |
| Live Forensicator | Assist forensic investigators and incidence responders in carrying out a quick live forensic investigation | https://github.com/Johnng007/Live-Forensicator | Free | digital_forensics |
| volatility (Fireeye fork) | Fork of volatility with support for Windows 10 memory compression | https://github.com/fireeye/win10_volatility | Free | digital_forensics |
| ExifTool | Library and CLI tool for reading, writing and editing metadata for a lot of file types | https://sourceforge.net/projects/exiftool/ | Free | digital_forensics |