Penetration testing commands for Digital Forensics
Digital forensics involves the collection, preservation, analysis, and presentation of digital evidence. It plays a critical role in incident investigations, legal proceedings, and security reviews.
| Name | Description | Price |
|---|---|---|
| Andriller | Software utility with a collection of forensic tools for smartphones; performs read-only, non-destructive acquisition | Free |
| Cerbero Profiler | File analyzer and inspector | Paid |
| ds_store_exp | Extract files from .DS_Store recursively | Free |
| EML analyzer | Analyze EML files: headers, bodies, attachments; extract IOCs; identify suspicious attachments | Free |
| ExifTool | Library and CLI tool for reading, writing and editing metadata for a lot of file types | Free |
| extundelete | Tool to recover deleted files from an ext3 or ext4 partition | Free |
| Fibratus | Tool for exploration and tracing of the Windows kernel | Free |
| Foremost | CLI tool to recover files based on their headers, footers, and internal data structures | Free |
| ForensicMiner | DFIR automation for collecting and analyzing evidence | Free |
| FTK Imager | Investigate electronic devices; full disk imaging capabilities: preview and image hard drives from Windows and Linux computers, CDs, DVDs, thumb drives, and other USB; forensic image mounting: mount an image for a read-only view that leverages file explorer; preview data; RAM capture | Paid |
| Live Forensicator | Assist forensic investigators and incidence responders in carrying out a quick live forensic investigation | Free |
| MVT | Mobile Verification Toolkit; collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices | Free |
| rekall | Volatile memory extraction utility | Free |
| rekall (Fireeye fork) | Fork of rekall with support for Windows 10 memory compression | Free |
| ResourcesExtract | Scans dll/ocx/exe files and extract all resources found, Windows only | Free |
| shellbags | Shellbag parser (Windows Registry Keys) | Free |
| Velociraptor | Endpoint visibility and collection tool | Free |
| volatility | Volatile memory extraction utility | Free |
| volatility (Fireeye fork) | Fork of volatility with support for Windows 10 memory compression | Free |