Available Tools for Download
- The tools below cover a wide range of Windows computer forensic analysis tasks.
Warning: please read the Disclaimer prior to downloading or running these tools.
Artifact Analysis
- Windows Prefetch Parser - pf
- Windows 'index.dat' Parser - id
- Windows LNK Parsing Utility - lp
- Windows USB Storage Parser - usp
- Timeline ActivitiesCache Parser - tac
- Windows Jump List Parser - jmp
- Windows Shim Database (SDB) Parser - shims
- Trash Inspection & Analysis - tia
- Safari Artifact Parser - sap
- Windows Push Notification DB Parser - wpn
- MS Office Backstage Parser - bs
- Chromium SQLite Parser - csp
- Mozilla SQLite Parser - msp
- Mozilla Cache Parser - mcp
- Chromium Cache Parser - ccp
- FAT32 & exFAT Analysis - fata
Registry and Event Log Analysis
- Yet Another Registry Utility - yaru
- Windows Event Log Viewer - evtx_view
- Windows ShellBag Parser - sbag
- Computer Account Forensic Artifact Extractor - cafae
- Windows Event Log Parser - evtwalk
- Windows AppCompatibility Cache Utility - wacu
- Event Log MessageTables Offline - elmo
- Trace Event Log and Analysis - tela
- Windows EVTX Fragment eXtension Parser - evtfx
NTFS Filesystem Analysis
- Windows Journal Parser - jp
- NTFS Directory Enumerator - ntfsdir
- NTFS File Copy Utility - ntfscopy
- Windows $MFT and NTFS Metadata Extractor Tool - ntfswalk
- Windows INDX Slack Parser - wisp
- Graphical Engine for NTFS Analysis - gena
- $MFT and $LogFile Analysis - mala
Network Support Utilities
- DNS Query Utility - dqu
- Packet Capture ICMP Carver - pic
- Network Xfer Client/Server Utility - nx
- Modular Inspection Network Xfer Agent - minx
Portable Executable Utilities
- Windows Portable Executable Viewer - pe_view
- Portable Executable Scanner - pescan
Miscellaneous Tools
- Volume Shadow Snapshot Enumerator - vssenum
- Windows Symbol Fetch Utility - sf
- CSV Data eXchange - csvdx
- Disk Utility & Packer - dup
Package Builds