Tools

Easily add images, screen captures, videos and attachments to your notes.

Backstage Parser is an open source Python tool that can be used to parse the contents of Microsoft Office Backstage files.

Hive Recon extracts Registry hives from Windows hibernation and crash dump files, often extracting hives when other solutions have completely failed and extracting healthier (more intact) hives when other solutions have appeared to run successfully.

Registry forensics has long been relegated to analyzing only readily accessible Windows Registries, often one at a time, in a needlessly time-consuming and archaic way.

Many Windows®-based disk image mounting solutions mount the contents of disk images as shares or partitions, rather than complete (a/k/a “physical” or “real”) disks, which limits their usefulness to digital forensics practitioners and others.

Atola TaskForce is a high-performance forensic imager capable of working with both good and damaged media, developed specifically for forensic use.

Atola Insight Forensic is a fast forensic imager with the capacity to perform
3 simultaneous imaging sessions on a wide range of media.

It also offers complex yet highly automated data recovery functions on failing storage devices and provides utilities for accessing hard drives at the lowest level. Its sophisticated software is wrapped in a simple and effective user interface.

Designed for use both in the lab and in the field, Insight is developed by a team of industry renowned data recovery engineers in collaboration with law enforcement agencies and forensic experts from around the globe.

Mission critical AI for human language, deployable in any environment

Autopsy is a Windows-based desktop digital forensics tool that is free, open source, and has all of the features that you’d normally find in commercial digital forensics tools. It is extensible and comes with features that include keyword search, hash matching, registry analysis, web analytics, and more. Basis Technology provides training, commercial support, and add-on modules.

Complete threat assessment done for you with speed, accuracy, and simplicity.

The MAGNET Chromebook Acquisition Assistant (MCAA) will help you acquire a logical image from a Chromebook when you have the username and password, and without requiring it to be in Developer Mode. Chromebook forensic images are acquired with a USB drive and the MCAA’s wizard style walkthrough will help you prepare the USB drive for image acquisition. The MCAA has been developed to automate much of the workflow first proposed in the Daniel Dickerman Chromebook Forensic Acquisition method.

MAGNET Encrypted Disk Detector (v3.0 released May 12th, 2020) is a command-line tool that can quickly and non-intrusively check for encrypted volumes on a computer system during incident response. The decision can then be made to investigate further and determine whether a live acquisition needs to be made in order to secure and preserve the evidence that would otherwise be lost if the plug was pulled .

MAGNET Web Page Saver (v3.3 released September 17th, 2020) is a perfect tool for capturing how web pages look at a specific point in time. This is especially useful in situations where the web pages need to be displayed in an environment where Internet access is not available (such as a court room).

MAGNET RAM Capture is a free imaging tool designed to capture the physical memory of a suspect’s computer, allowing investigators to recover and analyze valuable artifacts that are often only found in memory.

MAGNET Process Capture is a free tool that allows you to capture memory from individual running processes. Whether you’re short on time or are only interested in specific processes, MAGNET Process Capture can retrieve these specific processes and also provide less fragmented data and better recovery of larger data types.

MAGNET App Simulator lets you load application data from Android devices in your case into a virtual environment, enabling you to view and interact with the data as the user would have seen it on their own device. Use this tool to get a feel of how a suspect was interacting with their data, or to present the evidence to juries and stakeholders in a familiar mobile appearance.

Magnet ACQUIRE lets digital forensic examiners quickly and easily acquire forensic images of any iOS or Android device, hard drive, and removable media — and is available at no cost to the forensic community.

The MAGNET Custom Artifact Generator (MCAG) tool makes it easy to create custom artifacts for use within Magnet AXIOM from CSV (and other delimited files) and SQLite databases. This means you can now build your own custom artifacts to bring data into AXIOM from other sources without needing to know XML/Python or Magnet’s API for custom artifacts.