Artifact Analysis  Registry/Event Analysis  NTFS Analysis  Network Utilities  PE Utilities  Miscellaneous


Artifact Analysis  (top)

   Windows Prefetch Parser (pf)
32-bit Version 64-bit Version
Windows:pf32.v.1.32.win.zippf64.v.1.32.win.zipmd5/sha1
Linux:pf32.v.1.32.lin.tar.gz*pf64.v.1.32.lin.tar.gzmd5/sha1
Mac OS X:Not Availablepf.v.1.32.osx.tar.gzmd5/sha1
   Windows 'index.dat' Parser (id)
32-bit Version 64-bit Version
Windows:id32.v.0.85.win.zipid64.v.0.85.win.zipmd5/sha1
Linux:id32.v.0.85.lin.tar.gz*id64.v.0.85.lin.tar.gzmd5/sha1
Mac OS X:Not Availableid.v.0.85.osx.tar.gzmd5/sha1
   Windows LNK Parsing Utility (lp)
32-bit Version 64-bit Version
Windows:lp32.v.1.00.win.ziplp64.v.1.00.win.zipmd5/sha1
Linux:lp32.v.1.00.lin.tar.gz*lp64.v.1.00.lin.tar.gzmd5/sha1
Mac OS X:Not Availablelp.v.1.00.osx.tar.gzmd5/sha1
   Windows USB Storage Parser (usp)
32-bit Version 64-bit Version
Windows:usp32.v.0.72.win.zipusp64.v.0.72.win.zipmd5/sha1
Linux:usp32.v.0.72.lin.tar.gz*usp64.v.0.72.lin.tar.gzmd5/sha1
Mac OS X:Not Availableusp.v.0.72.osx.tar.gzmd5/sha1
   Timeline ActivitiesCache Parser (tac)
32-bit Version 64-bit Version
Windows:tac32.v.0.26.win.ziptac64.v.0.26.win.zipmd5/sha1
Linux:tac32.v.0.26.lin.tar.gz*tac64.v.0.26.lin.tar.gzmd5/sha1
Mac OS X:Not Availabletac.v.0.26.osx.tar.gzmd5/sha1
   Windows Jump List Parser (jmp)
32-bit Version 64-bit Version
Windows:jmp32.v.0.56.win.zipjmp64.v.0.56.win.zipmd5/sha1
Linux:jmp32.v.0.56.lin.tar.gz*jmp64.v.0.56.lin.tar.gzmd5/sha1
Mac OS X:Not Availablejmp.v.0.56.osx.tar.gzmd5/sha1
   Windows Shim Database (SDB) Parser (shims)
32-bit Version 64-bit Version
Windows:shims32.v.0.37.win.zipshims64.v.0.37.win.zipmd5/sha1
Linux:shims32.v.0.37.lin.tar.gz*shims64.v.0.37.lin.tar.gzmd5/sha1
Mac OS X:Not Availableshims.v.0.37.osx.tar.gzmd5/sha1
   Trash Inspection & Analysis (tia)
32-bit Version 64-bit Version
Windows:tia32.v.0.29.win.ziptia64.v.0.29.win.zipmd5/sha1
Linux:tia32.v.0.29.lin.tar.gz*tia64.v.0.29.lin.tar.gzmd5/sha1
Mac OS X:Not Availabletia.v.0.29.osx.tar.gzmd5/sha1
   Safari Artifact Parser (sap)
32-bit Version 64-bit Version
Windows:sap32.v.0.10.win.zipsap64.v.0.10.win.zipmd5/sha1
Linux:sap32.v.0.10.lin.tar.gz*sap64.v.0.10.lin.tar.gzmd5/sha1
Mac OS X:Not Availablesap.v.0.10.osx.tar.gzmd5/sha1
   Windows Push Notification DB Parser (wpn)
32-bit Version 64-bit Version
Windows:wpn32.v.0.22.win.zipwpn64.v.0.22.win.zipmd5/sha1
Linux:wpn32.v.0.22.lin.tar.gz*wpn64.v.0.22.lin.tar.gzmd5/sha1
Mac OS X:Not Availablewpn.v.0.22.osx.tar.gzmd5/sha1
   MS Office Backstage Parser (bs)
32-bit Version 64-bit Version
Windows:bs32.v.0.15.win.zipbs64.v.0.15.win.zipmd5/sha1
Linux:bs32.v.0.15.lin.tar.gz*bs64.v.0.15.lin.tar.gzmd5/sha1
Mac OS X:Not Availablebs.v.0.15.osx.tar.gzmd5/sha1
   Chromium Parser (cp)
32-bit Version 64-bit Version
Windows:cp32.v.0.18.win.zipcp64.v.0.18.win.zipmd5/sha1
Linux:cp32.v.0.18.lin.tar.gz*cp64.v.0.18.lin.tar.gzmd5/sha1
Mac OS X:Not Availablecp.v.0.18.osx.tar.gzmd5/sha1
   Mozilla SQLite Parser (msp)
32-bit Version 64-bit Version
Windows:msp32.v.0.12.win.zipmsp64.v.0.12.win.zipmd5/sha1
Linux:msp32.v.0.12.lin.tar.gz*msp64.v.0.12.lin.tar.gzmd5/sha1
Mac OS X:Not Availablemsp.v.0.12.osx.tar.gzmd5/sha1
   Mozilla Cache Parser (mcp)
32-bit Version 64-bit Version
Windows:mcp32.v.0.14.win.zipmcp64.v.0.14.win.zipmd5/sha1
Linux:mcp32.v.0.14.lin.tar.gz*mcp64.v.0.14.lin.tar.gzmd5/sha1
Mac OS X:Not Availablemcp.v.0.14.osx.tar.gzmd5/sha1

Registry and Event Log Analysis  (top)

   Yet Another Registry Utility (yaru)
32-bit Version 64-bit Version
Windows:yaru32.v.1.81.win.zipyaru64.v.1.81.win.zipmd5/sha1
Linux:yaru32.v.1.81.lin.tar.gz*yaru64.v.1.81.lin.tar.gzmd5/sha1
Mac OS X:Not Availableyaru.v.1.81.osx.tar.gzmd5/sha1
   Windows Event Log Viewer (evtx_view)
32-bit Version 64-bit Version
Windows:evtx_view32.v.1.13.win.zipevtx_view64.v.1.13.win.zipmd5/sha1
Linux:evtx_view32.v.1.13.lin.tar.gz*evtx_view64.v.1.13.lin.tar.gzmd5/sha1
Mac OS X:Not Availableevtx_view.v.1.13.osx.tar.gzmd5/sha1
   Windows ShellBag Parser (sbag)
32-bit Version 64-bit Version
Windows:sbag32.v.0.72.win.zipsbag64.v.0.72.win.zipmd5/sha1
Linux:sbag32.v.0.72.lin.tar.gz*sbag64.v.0.72.lin.tar.gzmd5/sha1
Mac OS X:Not Availablesbag.v.0.72.osx.tar.gzmd5/sha1
   Computer Account Forensic Artifact Extractor (cafae)
32-bit Version 64-bit Version
Windows:cafae32.v.0.72.win.zipcafae64.v.0.72.win.zipmd5/sha1
Linux:cafae32.v.0.72.lin.tar.gz*cafae64.v.0.72.lin.tar.gzmd5/sha1
Mac OS X:Not Availablecafae.v.0.72.osx.tar.gzmd5/sha1
   Windows Event Log Parser (evtwalk)
32-bit Version 64-bit Version
Windows:evtwalk32.v.0.56.win.zipevtwalk64.v.0.56.win.zipmd5/sha1
Linux:evtwalk32.v.0.56.lin.tar.gz*evtwalk64.v.0.56.lin.tar.gzmd5/sha1
Mac OS X:Not Availableevtwalk.v.0.56.osx.tar.gzmd5/sha1
   Windows AppCompatibility Cache Utility (wacu)
32-bit Version 64-bit Version
Windows:wacu32.v.0.45.win.zipwacu64.v.0.45.win.zipmd5/sha1
Linux:wacu32.v.0.45.lin.tar.gz*wacu64.v.0.45.lin.tar.gzmd5/sha1
Mac OS X:Not Availablewacu.v.0.45.osx.tar.gzmd5/sha1
   Event Log MessageTables Offline (elmo)
32-bit Version 64-bit Version
Windows:elmo32.v.0.37.win.zipelmo64.v.0.37.win.zipmd5/sha1
Linux:elmo32.v.0.37.lin.tar.gz*elmo64.v.0.37.lin.tar.gzmd5/sha1
Mac OS X:Not Availableelmo.v.0.37.osx.tar.gzmd5/sha1
   Trace Event Log and Analysis (tela)
32-bit Version 64-bit Version
Windows:tela32.v.0.23.win.ziptela64.v.0.23.win.zipmd5/sha1
Linux:tela32.v.0.23.lin.tar.gz*tela64.v.0.23.lin.tar.gzmd5/sha1
Mac OS X:Not Availabletela.v.0.23.osx.tar.gzmd5/sha1

NTFS Filesystem Analysis  (top)

   Windows Journal Parser (jp)
32-bit Version 64-bit Version
Windows:jp32.v.1.41.win.zipjp64.v.1.41.win.zipmd5/sha1
Linux:jp32.v.1.41.lin.tar.gz*jp64.v.1.41.lin.tar.gzmd5/sha1
Mac OS X:Not Availablejp.v.1.41.osx.tar.gzmd5/sha1
   NTFS Directory Enumerator (ntfsdir)
32-bit Version 64-bit Version
Windows:ntfsdir32.v.1.37.win.zipntfsdir64.v.1.37.win.zipmd5/sha1
Linux:ntfsdir32.v.1.37.lin.tar.gz*ntfsdir64.v.1.37.lin.tar.gzmd5/sha1
Mac OS X:Not Availablentfsdir.v.1.37.osx.tar.gzmd5/sha1
   NTFS File Copy Utility (ntfscopy)
32-bit Version 64-bit Version
Windows:ntfscopy32.v.1.06.win.zipntfscopy64.v.1.06.win.zipmd5/sha1
Linux:ntfscopy32.v.1.06.lin.tar.gz*ntfscopy64.v.1.06.lin.tar.gzmd5/sha1
Mac OS X:Not Availablentfscopy.v.1.06.osx.tar.gzmd5/sha1
   Windows $MFT and NTFS Metadata Extractor Tool (ntfswalk)
32-bit Version 64-bit Version
Windows:ntfswalk32.v.0.86.win.zipntfswalk64.v.0.86.win.zipmd5/sha1
Linux:ntfswalk32.v.0.86.lin.tar.gz*ntfswalk64.v.0.86.lin.tar.gzmd5/sha1
Mac OS X:Not Availablentfswalk.v.0.86.osx.tar.gzmd5/sha1
   Windows INDX Slack Parser (wisp)
32-bit Version 64-bit Version
Windows:wisp32.v.0.50.win.zipwisp64.v.0.50.win.zipmd5/sha1
Linux:wisp32.v.0.50.lin.tar.gz*wisp64.v.0.50.lin.tar.gzmd5/sha1
Mac OS X:Not Availablewisp.v.0.50.osx.tar.gzmd5/sha1
   Graphical Engine for NTFS Analysis (gena)
32-bit Version 64-bit Version
Windows:gena32.v.0.51.win.zipgena64.v.0.51.win.zipmd5/sha1
Linux:gena32.v.0.51.lin.tar.gz*gena64.v.0.51.lin.tar.gzmd5/sha1
Mac OS X:Not Availablegena.v.0.51.osx.tar.gzmd5/sha1
   $MFT and $LogFile Analysis (mala)
32-bit Version 64-bit Version
Windows:mala32.v.0.15.win.zipmala64.v.0.15.win.zipmd5/sha1
Linux:mala32.v.0.15.lin.tar.gz*mala64.v.0.15.lin.tar.gzmd5/sha1
Mac OS X:Not Availablemala.v.0.15.osx.tar.gzmd5/sha1

Network Support Utilities  (top)

   DNS Query Utility (dqu)
32-bit Version 64-bit Version
Windows:dqu32.v.0.41.win.zipdqu64.v.0.41.win.zipmd5/sha1
Linux:dqu32.v.0.41.lin.tar.gz*dqu64.v.0.41.lin.tar.gzmd5/sha1
Mac OS X:Not Availabledqu.v.0.41.osx.tar.gzmd5/sha1
   Packet Capture ICMP Carver (pic)
32-bit Version 64-bit Version
Windows:pic32.v.0.32.win.zippic64.v.0.32.win.zipmd5/sha1
Linux:pic32.v.0.32.lin.tar.gz*pic64.v.0.32.lin.tar.gzmd5/sha1
Mac OS X:Not AvailableNot Availablemd5/sha1
   Network Xfer Client/Server Utility (nx)
32-bit Version 64-bit Version
Windows:nx32.v.0.35.win.zipnx64.v.0.35.win.zipmd5/sha1
Linux:nx32.v.0.35.lin.tar.gz*nx64.v.0.35.lin.tar.gzmd5/sha1
Mac OS X:Not Availablenx.v.0.35.osx.tar.gzmd5/sha1
   Modular Inspection Network Xfer Agent (minx)
32-bit Version 64-bit Version
Windows:minx32.v.0.21.win.zipminx64.v.0.21.win.zipmd5/sha1
Linux:minx32.v.0.21.lin.tar.gz*minx64.v.0.21.lin.tar.gzmd5/sha1
Mac OS X:Not Availableminx.v.0.21.osx.tar.gzmd5/sha1

Portable Executable Utilities  (top)

   Windows Portable Executable Viewer (pe_view)
32-bit Version 64-bit Version
Windows:pe_view32.v.1.19.win.zippe_view64.v.1.19.win.zipmd5/sha1
Linux:pe_view32.v.1.19.lin.tar.gz*pe_view64.v.1.19.lin.tar.gzmd5/sha1
Mac OS X:Not Availablepe_view.v.1.19.osx.tar.gzmd5/sha1
   Portable Executable Scanner (pescan)
32-bit Version 64-bit Version
Windows:pescan32.v.0.58.win.zippescan64.v.0.58.win.zipmd5/sha1
Linux:pescan32.v.0.58.lin.tar.gz*pescan64.v.0.58.lin.tar.gzmd5/sha1
Mac OS X:Not Availablepescan.v.0.58.osx.tar.gzmd5/sha1

Miscellaneous Tools  (top)

   Volume Shadow Snapshot Enumerator (vssenum)
32-bit Version 64-bit Version
Windows:vssenum32.v.0.30.win.zipvssenum64.v.0.30.win.zipmd5/sha1
Linux:Not AvailableNot Available
Mac OS X:Not AvailableNot Available
   Windows Symbol Fetch Utility (sf)
32-bit Version 64-bit Version
Windows:sf32.v.0.56.win.zipsf64.v.0.56.win.zipmd5/sha1
Linux:Not AvailableNot Available
Mac OS X:Not AvailableNot Available
   CSV Data eXchange (csvdx)
32-bit Version 64-bit Version
Windows:csvdx32.v.0.34.win.zipcsvdx64.v.0.34.win.zipmd5/sha1
Linux:csvdx32.v.0.34.lin.tar.gz*csvdx64.v.0.34.lin.tar.gzmd5/sha1
Mac OS X:Not Availablecsvdx.v.0.34.osx.tar.gzmd5/sha1
   Disk Utility & Packer (dup)
32-bit Version 64-bit Version
Windows:dup32.v.0.36.win.zipdup64.v.0.36.win.zipmd5/sha1
Linux:Not Availabledup64.v.0.36.lin.tar.gzmd5/sha1
Mac OS X:Not Availabledup.v.0.36.osx.tar.gzmd5/sha1

Package Builds  (top)

   Mar 2021 build (package)
32-bit Version 64-bit Version
Windows:2021.03.05.win32.zip2021.03.05.win64.zipmd5/sha1
Linux:Not Available2021.03.05.lin64.zipmd5/sha1
Mac OS X:Not Available2021.03.05.osx.zipmd5/sha1
*32bit apps can run in a 64bit linux distribution if "ia32-libs" (and dependencies) are present.