Forensics Tools - mimorep/PandoraBox GitHub Wiki

What tools are included in the Forensics suite?

The tools included in this section are the ones that, based on my experience, are handy to use in any type of forensic investigation. If you have suggestions for tools to add, change, or update, you can open an issue here.

Folder structure

All forensics tools follow this folder tree, where you can find the most suitable tool for your task.

:open_file_folder: Arsenal Image Mounter

      📄 ArsenalImageMounter.exe

:open_file_folder: Autopsy

      📦 autopsy-4.21.0-64bit.msi

:open_file_folder: Browser

      📂 browsinghistoryview-x64

            📄 BrowsingHistoryView.exe

      📂 chromecacheview

            📄 ChromeCacheView.exe

:open_file_folder: Data Carving

      📂 Scapel-2.0

            📄 scalpel.exe

      📦 rcsetup153.exe

:open_file_folder: Email

      📄 setup-email-forensics-wizard.exe

:open_file_folder: Exiftool

      📄 exiftool.exe

:open_file_folder: FTK

      📂 AccessData

      🔗 FTK Imager.lnk

:open_file_folder: FullEvent

      📄 FullEventLogView.exe

:open_file_folder: Hayabusa

      📄 hayabusa-2.9.0-win-x64.exe

:open_file_folder: LogonTracer

      🐍 logontracer.py

:open_file_folder: Loki

      📂 loki

            📄 loki.exe

            📄 loki-upgrader.exe

:open_file_folder: MemProcFS

      📄 MemProcFS.exe

:open_file_folder: MobSF

      🦇 run.bat

:open_file_folder: Network

      📂 NetWorkMiner_2-8-1

            📄 NetworkMiner.exe

      📄 WireSharkPortable.exe

:open_file_folder: OLETools

      🦇 install.bat

:open_file_folder: Plaso

      📂 plaso-20240308

            🐍 setup.py

:open_file_folder: RDPCache

      📂 bmc-tools

            🐍 bmc-tools.py

      📂 RdpCacheStitcher-v1.1-win64

            📂 RdpCacheStitcher_Windows_x64

                  📄 RdpCacheStitcher.exe

:open_file_folder: Registry Recon

      📦 RegistryRecon_2.4.0.0079.msi

:open_file_folder: SQL Lite

      📂 DB Browser for SQLite

            📄 DB Browser for SQLite.exe

:open_file_folder: UFS Explorer

      📄 ufsxpci.exe

:open_file_folder: UsnJrnlToCSV

      📄 UsnJrnl2Csv64.exe

:open_file_folder: Volatility3

      🐍 vol.py

:open_file_folder: ZimmermanTools

      📂 net6

            📂 EvtxeCmd

            📂 EZViewer

            📂 iisGeolocate

            📂 JumpListExplorer

            📂 MFTExplorer

            📂 RECmd

            📂 RegistryExplorer

            📂 SDBExplorer

            📂 ShellBagsExplorer

            📂 SQLECmd

            📂 TimelineExplorer

            📄 AmcacheParser.exe

            📄 AppCompatCacheParser.exe

            📄 bstrings.exe

            📄 JLECmd.exe

            📄 LECmd.exe

            📄 MFTECmd.exe

            📄 PECmd.exe

            📄 RBCmd.exe

            📄 RecentFileCacheParser.exe

            📄 rla.exe

            📄 SBECmd.exe

            📄 SrumECmd.exe

            📄 SumECmd.exe

            📄 VSCMount.exe

            📄 WxTCmd.exe

      🪟 Get-ZimmermanTools.ps1