Free Forensic Tools
Autopsy Forensics
"Autopsy® is the premier end-to-end open source digital forensics platform. Built by Basis Technology with the core features you expect in commercial forensic tools, Autopsy is a fast, thorough, and efficient hard drive investigation solution that evolves with your needs."
Bitlocker Key Finder by Northloop Forensics
A digital forensic solution for addressing Bitlocker credentials.
Cyohash
CyoHash is a simple shell extension that is used from within Windows Explorer to calculate the MD5 hash, SHA1 hash, or CRC32 checksum of a file. (Additional SHA256, SHA384, and SHA512 algorithms are available for users of Windows XP SP3 or newer.)
EZ Tools
EZ tools was created by Erik Zimmerman who is also credited for the creation of OsTriage and KAPE. You can also find free training on this suite of free tools at NW3C.
FTK Imager
Create full-disk forensic images and process a wide range of data types from many sources, from hard drive data to mobile devices, network data and Internet storage, all in a centralized, secure database. FTK® processes and indexes data upfront, eliminating wasted time waiting for searches to execute. Cut down on OCR time by up to 30% with our efficient OCR engine.
Develop your professional skills
Evanole Community Edition acquires and parses real-time system traffic from iOS devices.
KAPE (Kroll Artifact Parser Extractor)
KAPE is an efficient and highly configurable triage program that will target essentially any device or storage location, find forensically useful artifacts, and parse them within a few minutes. KAPE reads configuration files on the fly and based on their contents, collects and processes relevant files. This makes KAPE very extensible in that the program’s author does not need to be involved to add or expand functionality.
PhotoRec
PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks (Mechanical Hard drives, Solid State Drives...), CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted.
Slitheris
Slitheris Network Discovery for Windows is a new premium next-generation network scanner, capable of gathering a wide array of information from network devices without credentials or agents. You’ll get more information than any free Windows-based IP scanner. And there’s no need to configure remote PCs, servers or other network IoT devices.