디지털 포렌식 관련 무료 프로그램 모음

디지털 포렌식 공부를 하면서 사용했었던 프로그램들을 소개해드리겠습니다.

추후 제가 추가로 접하는 프로그램들 또한 지속적으로 업데이트할 예정입니다.

공식 배포 홈페이지가 따로 있는 경우 댓글로 알려주시면 감사하겠습니다.

포스팅 업데이트 최신 날짜 : 2023-01-13

디지털 포렌식 관련 무료 프로그램 모음

1. AmCache

AmcacheParser

http://ericzimmerman.github.io/#!index.md

2. AppCompatCache(ShimCache)

AppCompatCacheParser

http://ericzimmerman.github.io/#!index.md

3. 이벤트 로그

Evtx Explorer/EvtxECmd

http://ericzimmerman.github.io/#!index.md

LogParserStudio2(LPSV2.D2)

https://techcommunity.microsoft.com/t5/exchange-team-blog/introducing-log-parser-studio/ba-p/601131

MessageAnalyzer64

https://microsoft-message-analyzer.software.informer.com/download/#downloading

4. Hash

HashCalc

https://www.slavasoft.com/hashcalc/

HashTab

http://implbits.com/products/hashtab/

5. Jumplist

JLECmd, JumpList Explorer

http://ericzimmerman.github.io/#!index.md

JumplistView

https://www.nirsoft.net/utils/jump_lists_view.html

6. link file

LECmd

http://ericzimmerman.github.io/#!index.md

LinkParser

https://4discovery.com/our-tools/link-parser/

7. File System(MFT, Log, Data)

MFTECmd, MFTExplorer

http://ericzimmerman.github.io/#!index.md

analyzeMFT Python Code

https://github.com/dkovar/analyzeMFT

https://kkoha.tistory.com/entry/analyzeMFT-204

NTFS Log Tracker

https://sites.google.com/site/forensicnote/ntfs-log-tracker?fbclid=IwAR2P6h8xdxXLdUFVE2SFjORLPGaPRGctdoV3-40-YlcS0fkWduaXKkU3VEk

NTFS Data Tracker

https://sites.google.com/site/forensicnote/ntfs-data-tracker?fbclid=IwAR3WulLe85esgaX0mHK__7_nwBkfOdjfjngPNdXjr4cQeTiuZeefxe0jGKs

8. Prefetch

PECmd

http://ericzimmerman.github.io/#!index.md

WinPrefetchView

https://www.nirsoft.net/utils/win_prefetch_view.html

9. Registry

Registry Explorer/RECmd

http://ericzimmerman.github.io/#!index.md

REGA

http://forensic.korea.ac.kr/tools.html

RegRipper

https://github.com/keydet89/RegRipper3.0

10. Shellbags

ShellBags Explorer

http://ericzimmerman.github.io/#!index.md

ShellBags View

https://www.nirsoft.net/utils/shell_bags_view.html

11. SRUM(SRUDB.dat)

SrumECmd

http://ericzimmerman.github.io/#!index.md

NetworkUsageView

https://www.nirsoft.net/utils/network_usage_view.html

12. Windows10 Timeline db

WxTCmd

http://ericzimmerman.github.io/#!index.md

13. Image Mount / Disk Imaging

Arsenal Image Mounter(Image Mount)

https://arsenalrecon.com/downloads/

FTK Imager(Image Mount, Disk Imaging, File Restore(파일 복구))

https://accessdata.com/product-download/ftk-imager-version-4-5

14. Web Browser

Browsing History View

https://www.nirsoft.net/utils/browsing_history_view.html

Chrome Cache View

https://www.nirsoft.net/utils/chrome_cache_view.html

IE Cache View

https://www.nirsoft.net/utils/ie_cache_viewer.html

WEFA

http://forensic.korea.ac.kr/tools.html

Index.dat Analyzer v2.5

https://www.systenance.com/indexdat.php

15. USB

USB Forensic Tracker

http://www.orionforensics.com/forensics-tools/usb-forensic-tracker/

16. Exif File

Exif Pilot

https://www.colorpilot.com/exif.html

Exiftool

https://exiftool.org/

17. GPS

GPS Route Editor

http://www.gpsnote.net/

18. Volume Shadow Copy Service(VSS)

Shadow Explorer

https://www.shadowexplorer.com/downloads.html

VSCToolset

https://df-stream.com/vsc-toolset/

19. MS Outlook

Kernel PST Viewer

https://www.nucleustechnologies.com/pst-viewer.html

Kernel OST Viewer

https://www.nucleustechnologies.com/ost-viewer.html

SysTools DBX Converter

https://download.cnet.com/SysTools-DBX-Converter/3000-2369_4-76172720.html

20. Hex Editor

HxD

https://mh-nexus.de/en/hxd/

21. SQLite

DB Browser for SQLite

https://sqlitebrowser.org/

22. ShellCode

scdbg.exe

http://sandsprite.com/blogs/index.php?uid=7&pid=152

23. File Structure

Structured Storage Viewer(SSView)

https://www.mitec.cz/ssv.html

24. Strings

Strings

https://docs.microsoft.com/en-us/sysinternals/downloads/strings

25. Memory

Volatility 2.6

https://www.volatilityfoundation.org/26

Volatility 3.x

https://github.com/volatilityfoundation/volatility3

DumpIt

https://github.com/Crypt2Shell/Comae-Toolkit

GIMP

https://www.gimp.org/

Magnet Dumpit for Windows

https://www.magnetforensics.com/resources/magnet-dumpit-for-windows/?utm_source=Pardot&utm_medium=Email&utm_campaign=Free_Tools_DumpIt_for_Windows_Requests_Email_Announcement

Magnet Dumpit for Linux

https://github.com/MagnetForensics/dumpit-linux

26. Steganography

Stegsolve.jar

http://www.caesum.com/handbook/stego.htm

OpenStego

https://www.openstego.com/

OpenPuff

https://embeddedsw.net/OpenPuff_Steganography_Home.html

Audacity

https://www.audacityteam.org/

AudioPaint

https://www.softpedia.com/get/Multimedia/Audio/Other-AUDIO-Tools/AudioPaint.shtml

FL Studio

https://www.image-line.com/

기타 스테가노그래피 프로그램 모음

http://www.jjtc.com/Steganography/tools.html

27. ADS(Alternate Data Stream)

Sysinternals Streams.exe

https://docs.microsoft.com/en-us/sysinternals/downloads/streams

nirsoft AlternateStreamView.exe

https://www.nirsoft.net/utils/alternate_data_streams.html

CMD/PowerShell로 분석

https://present4n6.tistory.com/76?category=904227

28. Mobile

ALEAPP

https://github.com/abrignoni/ALEAPP

29. 통합 분석 프로그램

Autopsy

https://www.autopsy.com/download/

30. 아티팩트 크롤러

KAPE

https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape

디지털 포렌식 관련 무료 프로그램 모음

1. AmCache

2. AppCompatCache(ShimCache)

3. 이벤트 로그

4. Hash

5. Jumplist

6. link file

7. File System(MFT, Log, Data)

8. Prefetch

9. Registry

10. Shellbags

11. SRUM(SRUDB.dat)

12. Windows10 Timeline db

13. Image Mount / Disk Imaging

14. Web Browser

15. USB

16. Exif File

17. GPS

18. Volume Shadow Copy Service(VSS)

19. MS Outlook

20. Hex Editor

21. SQLite

22. ShellCode

23. File Structure

24. Strings

25. Memory

26. Steganography

27. ADS(Alternate Data Stream)

28. Mobile

29. 통합 분석 프로그램

30. 아티팩트 크롤러

티스토리툴바