Artifact Analysis  Registry/Event Analysis  NTFS Analysis  Network Utilities  PE Utilities  Miscellaneous


Artifact Analysis  (top)

   Windows Prefetch Parser (pf)
32-bit Version 64-bit Version
Windows:pf32.v.1.33.win.zippf64.v.1.33.win.zipmd5/sha1
Linux:pf32.v.1.33.lin.tar.gz*pf64.v.1.33.lin.tar.gzmd5/sha1
Mac OS X:Not Availablepf.v.1.33.dmgmd5/sha1
   Windows 'index.dat' Parser (id)
32-bit Version 64-bit Version
Windows:id32.v.0.86.win.zipid64.v.0.86.win.zipmd5/sha1
Linux:id32.v.0.86.lin.tar.gz*id64.v.0.86.lin.tar.gzmd5/sha1
Mac OS X:Not Availableid.v.0.86.dmgmd5/sha1
   Windows LNK Parsing Utility (lp)
32-bit Version 64-bit Version
Windows:lp32.v.1.01.win.ziplp64.v.1.01.win.zipmd5/sha1
Linux:lp32.v.1.01.lin.tar.gz*lp64.v.1.01.lin.tar.gzmd5/sha1
Mac OS X:Not Availablelp.v.1.01.dmgmd5/sha1
   Windows USB Storage Parser (usp)
32-bit Version 64-bit Version
Windows:usp32.v.0.73.win.zipusp64.v.0.73.win.zipmd5/sha1
Linux:usp32.v.0.73.lin.tar.gz*usp64.v.0.73.lin.tar.gzmd5/sha1
Mac OS X:Not Availableusp.v.0.73.dmgmd5/sha1
   Timeline ActivitiesCache Parser (tac)
32-bit Version 64-bit Version
Windows:tac32.v.0.27.win.ziptac64.v.0.27.win.zipmd5/sha1
Linux:tac32.v.0.27.lin.tar.gz*tac64.v.0.27.lin.tar.gzmd5/sha1
Mac OS X:Not Availabletac.v.0.27.dmgmd5/sha1
   Windows Jump List Parser (jmp)
32-bit Version 64-bit Version
Windows:jmp32.v.0.57.win.zipjmp64.v.0.57.win.zipmd5/sha1
Linux:jmp32.v.0.57.lin.tar.gz*jmp64.v.0.57.lin.tar.gzmd5/sha1
Mac OS X:Not Availablejmp.v.0.57.dmgmd5/sha1
   Windows Shim Database (SDB) Parser (shims)
32-bit Version 64-bit Version
Windows:shims32.v.0.38.win.zipshims64.v.0.38.win.zipmd5/sha1
Linux:shims32.v.0.38.lin.tar.gz*shims64.v.0.38.lin.tar.gzmd5/sha1
Mac OS X:Not Availableshims.v.0.38.dmgmd5/sha1
   Trash Inspection & Analysis (tia)
32-bit Version 64-bit Version
Windows:tia32.v.0.30.win.ziptia64.v.0.30.win.zipmd5/sha1
Linux:tia32.v.0.30.lin.tar.gz*tia64.v.0.30.lin.tar.gzmd5/sha1
Mac OS X:Not Availabletia.v.0.30.dmgmd5/sha1
   Safari Artifact Parser (sap)
32-bit Version 64-bit Version
Windows:sap32.v.0.11.win.zipsap64.v.0.11.win.zipmd5/sha1
Linux:sap32.v.0.11.lin.tar.gz*sap64.v.0.11.lin.tar.gzmd5/sha1
Mac OS X:Not Availablesap.v.0.11.dmgmd5/sha1
   Windows Push Notification DB Parser (wpn)
32-bit Version 64-bit Version
Windows:wpn32.v.0.23.win.zipwpn64.v.0.23.win.zipmd5/sha1
Linux:wpn32.v.0.23.lin.tar.gz*wpn64.v.0.23.lin.tar.gzmd5/sha1
Mac OS X:Not Availablewpn.v.0.23.dmgmd5/sha1
   MS Office Backstage Parser (bs)
32-bit Version 64-bit Version
Windows:bs32.v.0.16.win.zipbs64.v.0.16.win.zipmd5/sha1
Linux:bs32.v.0.16.lin.tar.gz*bs64.v.0.16.lin.tar.gzmd5/sha1
Mac OS X:Not Availablebs.v.0.16.dmgmd5/sha1
   Chromium Parser (cp)
32-bit Version 64-bit Version
Windows:cp32.v.0.19.win.zipcp64.v.0.19.win.zipmd5/sha1
Linux:cp32.v.0.19.lin.tar.gz*cp64.v.0.19.lin.tar.gzmd5/sha1
Mac OS X:Not Availablecp64.v.0.19.dmgmd5/sha1
   Mozilla SQLite Parser (msp)
32-bit Version 64-bit Version
Windows:msp32.v.0.13.win.zipmsp64.v.0.13.win.zipmd5/sha1
Linux:msp32.v.0.13.lin.tar.gz*msp64.v.0.13.lin.tar.gzmd5/sha1
Mac OS X:Not Availablemsp.v.0.13.dmgmd5/sha1
   Mozilla Cache Parser (mcp)
32-bit Version 64-bit Version
Windows:mcp32.v.0.15.win.zipmcp64.v.0.15.win.zipmd5/sha1
Linux:mcp32.v.0.15.lin.tar.gz*mcp64.v.0.15.lin.tar.gzmd5/sha1
Mac OS X:Not Availablemcp.v.0.15.dmgmd5/sha1

Registry and Event Log Analysis  (top)

   Yet Another Registry Utility (yaru)
32-bit Version 64-bit Version
Windows:yaru32.v.1.82.win.zipyaru64.v.1.82.win.zipmd5/sha1
Linux:yaru32.v.1.82.lin.tar.gz*yaru64.v.1.82.lin.tar.gzmd5/sha1
Mac OS X:Not Availableyaru.v.1.82.dmgmd5/sha1
   Windows Event Log Viewer (evtx_view)
32-bit Version 64-bit Version
Windows:evtx_view32.v.1.14.win.zipevtx_view64.v.1.14.win.zipmd5/sha1
Linux:evtx_view32.v.1.14.lin.tar.gz*evtx_view64.v.1.14.lin.tar.gzmd5/sha1
Mac OS X:Not Availableevtx_view.v.1.14.dmgmd5/sha1
   Windows ShellBag Parser (sbag)
32-bit Version 64-bit Version
Windows:sbag32.v.0.73.win.zipsbag64.v.0.73.win.zipmd5/sha1
Linux:sbag32.v.0.73.lin.tar.gz*sbag64.v.0.73.lin.tar.gzmd5/sha1
Mac OS X:Not Availablesbag.v.0.73.dmgmd5/sha1
   Computer Account Forensic Artifact Extractor (cafae)
32-bit Version 64-bit Version
Windows:cafae32.v.0.73.win.zipcafae64.v.0.73.win.zipmd5/sha1
Linux:cafae32.v.0.73.lin.tar.gz*cafae64.v.0.73.lin.tar.gzmd5/sha1
Mac OS X:Not Availablecafae.v.0.73.dmgmd5/sha1
   Windows Event Log Parser (evtwalk)
32-bit Version 64-bit Version
Windows:evtwalk32.v.0.57.win.zipevtwalk64.v.0.57.win.zipmd5/sha1
Linux:evtwalk32.v.0.57.lin.tar.gz*evtwalk64.v.0.57.lin.tar.gzmd5/sha1
Mac OS X:Not Availableevtwalk.v.0.57.dmgmd5/sha1
   Windows AppCompatibility Cache Utility (wacu)
32-bit Version 64-bit Version
Windows:wacu32.v.0.46.win.zipwacu64.v.0.46.win.zipmd5/sha1
Linux:wacu32.v.0.46.lin.tar.gz*wacu64.v.0.46.lin.tar.gzmd5/sha1
Mac OS X:Not Availablewacu.v.0.46.dmgmd5/sha1
   Event Log MessageTables Offline (elmo)
32-bit Version 64-bit Version
Windows:elmo32.v.0.38.win.zipelmo64.v.0.38.win.zipmd5/sha1
Linux:elmo32.v.0.38.lin.tar.gz*elmo64.v.0.38.lin.tar.gzmd5/sha1
Mac OS X:Not Availableelmo.v.0.38.dmgmd5/sha1
   Trace Event Log and Analysis (tela)
32-bit Version 64-bit Version
Windows:tela32.v.0.24.win.ziptela64.v.0.24.win.zipmd5/sha1
Linux:tela32.v.0.24.lin.tar.gz*tela64.v.0.24.lin.tar.gzmd5/sha1
Mac OS X:Not Availabletela.v.0.24.dmgmd5/sha1

NTFS Filesystem Analysis  (top)

   Windows Journal Parser (jp)
32-bit Version 64-bit Version
Windows:jp32.v.1.42.win.zipjp64.v.1.42.win.zipmd5/sha1
Linux:jp32.v.1.42.lin.tar.gz*jp64.v.1.42.lin.tar.gzmd5/sha1
Mac OS X:Not Availablejp.v.1.42.dmgmd5/sha1
   NTFS Directory Enumerator (ntfsdir)
32-bit Version 64-bit Version
Windows:ntfsdir32.v.1.38.win.zipntfsdir64.v.1.38.win.zipmd5/sha1
Linux:ntfsdir32.v.1.38.lin.tar.gz*ntfsdir64.v.1.38.lin.tar.gzmd5/sha1
Mac OS X:Not Availablentfsdir.v.1.38.dmgmd5/sha1
   NTFS File Copy Utility (ntfscopy)
32-bit Version 64-bit Version
Windows:ntfscopy32.v.1.07.win.zipntfscopy64.v.1.07.win.zipmd5/sha1
Linux:ntfscopy32.v.1.07.lin.tar.gz*ntfscopy64.v.1.07.lin.tar.gzmd5/sha1
Mac OS X:Not Availablentfscopy.v.1.07.dmgmd5/sha1
   Windows $MFT and NTFS Metadata Extractor Tool (ntfswalk)
32-bit Version 64-bit Version
Windows:ntfswalk32.v.0.87.win.zipntfswalk64.v.0.87.win.zipmd5/sha1
Linux:ntfswalk32.v.0.87.lin.tar.gz*ntfswalk64.v.0.87.lin.tar.gzmd5/sha1
Mac OS X:Not Availablentfswalk.v.0.87.dmgmd5/sha1
   Windows INDX Slack Parser (wisp)
32-bit Version 64-bit Version
Windows:wisp32.v.0.51.win.zipwisp64.v.0.51.win.zipmd5/sha1
Linux:wisp32.v.0.51.lin.tar.gz*wisp64.v.0.51.lin.tar.gzmd5/sha1
Mac OS X:Not Availablewisp.v.0.51.dmgmd5/sha1
   Graphical Engine for NTFS Analysis (gena)
32-bit Version 64-bit Version
Windows:gena32.v.0.52.win.zipgena64.v.0.52.win.zipmd5/sha1
Linux:gena32.v.0.52.lin.tar.gz*gena64.v.0.52.lin.tar.gzmd5/sha1
Mac OS X:Not Availablegena.v.0.52.dmgmd5/sha1
   $MFT and $LogFile Analysis (mala)
32-bit Version 64-bit Version
Windows:mala32.v.0.16.win.zipmala64.v.0.16.win.zipmd5/sha1
Linux:mala32.v.0.16.lin.tar.gz*mala64.v.0.16.lin.tar.gzmd5/sha1
Mac OS X:Not Availablemala.v.0.16.dmgmd5/sha1

Network Support Utilities  (top)

   DNS Query Utility (dqu)
32-bit Version 64-bit Version
Windows:dqu32.v.0.42.win.zipdqu64.v.0.42.win.zipmd5/sha1
Linux:dqu32.v.0.42.lin.tar.gz*dqu64.v.0.42.lin.tar.gzmd5/sha1
Mac OS X:Not Availabledqu.v.0.42.dmgmd5/sha1
   Packet Capture ICMP Carver (pic)
32-bit Version 64-bit Version
Windows:pic32.v.0.33.win.zippic64.v.0.33.win.zipmd5/sha1
Linux:pic32.v.0.33.lin.tar.gz*pic64.v.0.33.lin.tar.gzmd5/sha1
Mac OS X:Not AvailableNot Available
   Network Xfer Client/Server Utility (nx)
32-bit Version 64-bit Version
Windows:nx32.v.0.37.win.zipnx64.v.0.37.win.zipmd5/sha1
Linux:nx32.v.0.37.lin.tar.gz*nx64.v.0.37.lin.tar.gzmd5/sha1
Mac OS X:Not Availablenx.v.0.36.dmgmd5/sha1
   Modular Inspection Network Xfer Agent (minx)
32-bit Version 64-bit Version
Windows:minx32.v.0.22.win.zipminx64.v.0.22.win.zipmd5/sha1
Linux:minx32.v.0.22.lin.tar.gz*minx64.v.0.22.lin.tar.gzmd5/sha1
Mac OS X:Not Availableminx.v.0.22.dmgmd5/sha1

Portable Executable Utilities  (top)

   Windows Portable Executable Viewer (pe_view)
32-bit Version 64-bit Version
Windows:pe_view32.v.1.20.win.zippe_view64.v.1.20.win.zipmd5/sha1
Linux:pe_view32.v.1.20.lin.tar.gz*pe_view64.v.1.20.lin.tar.gzmd5/sha1
Mac OS X:Not Availablepe_view.v.1.20.dmgmd5/sha1
   Portable Executable Scanner (pescan)
32-bit Version 64-bit Version
Windows:pescan32.v.0.59.win.zippescan64.v.0.59.win.zipmd5/sha1
Linux:pescan32.v.0.59.lin.tar.gz*pescan64.v.0.59.lin.tar.gzmd5/sha1
Mac OS X:Not Availablepescan.v.0.59.dmgmd5/sha1

Miscellaneous Tools  (top)

   Volume Shadow Snapshot Enumerator (vssenum)
32-bit Version 64-bit Version
Windows:vssenum32.v.0.31.win.zipvssenum64.v.0.31.win.zipmd5/sha1
Linux:Not AvailableNot Available
Mac OS X:Not AvailableNot Available
   Windows Symbol Fetch Utility (sf)
32-bit Version 64-bit Version
Windows:sf32.v.0.57.win.zipsf64.v.0.57.win.zipmd5/sha1
Linux:Not AvailableNot Available
Mac OS X:Not AvailableNot Available
   CSV Data eXchange (csvdx)
32-bit Version 64-bit Version
Windows:csvdx32.v.0.35.win.zipcsvdx64.v.0.35.win.zipmd5/sha1
Linux:csvdx32.v.0.35.lin.tar.gz*csvdx64.v.0.35.lin.tar.gzmd5/sha1
Mac OS X:Not Availablecsvdx.v.0.35.dmgmd5/sha1
   Disk Utility & Packer (dup)
32-bit Version 64-bit Version
Windows:dup32.v.0.37.win.zipdup64.v.0.37.win.zipmd5/sha1
Linux:Not Availabledup64.v.0.37.lin.tar.gzmd5/sha1
Mac OS X:Not Availabledup.v.0.37.dmgmd5/sha1

Package Builds  (top)

   Aug 2021 build (package)
32-bit Version 64-bit Version
Windows:2021.08.20.win32.zip2021.08.20.win64.zipmd5/sha1
Linux:Not Available2021.08.20.lin64.zipmd5/sha1
Mac OS X:Not Available2021.08.20.mac.dmgmd5/sha1
*32bit apps can run in a 64bit linux distribution if "ia32-libs" (and dependencies) are present.