Free Forensic Tools

Free Tools for investigators and Computer Forensics Investigators

Autopsy Forensics

"Autopsy® is the premier end-to-end open source digital forensics platform. Built by Basis Technology with the core features you expect in commercial forensic tools, Autopsy is a fast, thorough, and efficient hard drive investigation solution that evolves with your needs."
Write your awesome label here.
Write your awesome label here.

Bitlocker Key Finder by Northloop Forensics

A digital forensic solution for addressing Bitlocker credentials.

Cyohash

CyoHash is a simple shell extension that is used from within Windows Explorer to calculate the MD5 hash, SHA1 hash, or CRC32 checksum of a file. (Additional SHA256, SHA384, and SHA512 algorithms are available for users of Windows XP SP3 or newer.)
Write your awesome label here.
Write your awesome label here.

EZ Tools

EZ tools was created by Erik Zimmerman who is also credited for the creation of OsTriage and KAPE. You can also find free training on this suite of free tools at NW3C.

SQ Lite Viewer by Foxton Forensics

Free tool for inspecting the contents of SQLite databases.

FTK Imager

Create full-disk forensic images and process a wide range of data types from many sources, from hard drive data to mobile devices, network data and Internet storage, all in a centralized, secure database. FTK® processes and indexes data upfront, eliminating wasted time waiting for searches to execute. Cut down on OCR time by up to 30% with our efficient OCR engine.

Develop your professional skills

Evanole Community Edition acquires and parses real-time system traffic from iOS devices.
Write your awesome label here.

KAPE (Kroll Artifact Parser Extractor)

KAPE is an efficient and highly configurable triage program that will target essentially any device or storage location, find forensically useful artifacts, and parse them within a few minutes. KAPE reads configuration files on the fly and based on their contents, collects and processes relevant files. This makes KAPE very extensible in that the program’s author does not need to be involved to add or expand functionality.

Magnet Acquire

Magnet ACQUIRE lets digital forensic examiners quickly and easily acquire forensic images of any iOS or Android device, hard drive, and removable media — and is available at no cost to the forensic community.

Magnet Shield

Quickly get photo, video, and chat evidence with an external or internal camera or by connecting to the victim or witness’s mobile phone, or memory card.

PhotoRec

PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks (Mechanical Hard drives, Solid State Drives...), CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted.

Slitheris 

Slitheris Network Discovery for Windows is a new premium next-generation network scanner, capable of gathering a wide array of information from network devices without credentials or agents. You’ll get more information than any free Windows-based IP scanner. And there’s no need to configure remote PCs, servers or other network IoT devices.