디지털 포렌식 관련 무료 프로그램 모음

디지털 포렌식 공부를 하면서 사용했었던 프로그램들을 소개해드리겠습니다.

추후 제가 추가로 접하는 프로그램들 또한 지속적으로 업데이트할 예정입니다.

공식 배포 홈페이지가 따로 있는 경우 댓글로 알려주시면 감사하겠습니다.

포스팅 업데이트 최신 날짜 : 2023-01-13

 

---

디지털 포렌식 관련 무료 프로그램 모음

 AmCache

AmcacheParser

http://ericzimmerman.github.io/#!index.md

 

AppCompatCache(ShimCache)

AppCompatCacheParser

http://ericzimmerman.github.io/#!index.md

 

이벤트 로그

Evtx Explorer/EvtxECmd

http://ericzimmerman.github.io/#!index.md

LogParserStudio2(LPSV2.D2)

https://techcommunity.microsoft.com/t5/exchange-team-blog/introducing-log-parser-studio/ba-p/601131

MessageAnalyzer64

https://microsoft-message-analyzer.software.informer.com/download/#downloading

 

Hash

HashCalc

https://www.slavasoft.com/hashcalc/

HashTab

http://implbits.com/products/hashtab/

 

Jumplist

JLECmd, JumpList Explorer

http://ericzimmerman.github.io/#!index.md

JumplistView

https://www.nirsoft.net/utils/jump_lists_view.html

 

link file

LECmd

http://ericzimmerman.github.io/#!index.md

LinkParser

https://4discovery.com/our-tools/link-parser/

 

File System(MFT, Log, Data)

MFTECmd, MFTExplorer

http://ericzimmerman.github.io/#!index.md

analyzeMFT Python Code

https://github.com/dkovar/analyzeMFT

https://kkoha.tistory.com/entry/analyzeMFT-204

NTFS Log Tracker

https://sites.google.com/site/forensicnote/ntfs-log-tracker?fbclid=IwAR2P6h8xdxXLdUFVE2SFjORLPGaPRGctdoV3-40-YlcS0fkWduaXKkU3VEk 

NTFS Data Tracker

https://sites.google.com/site/forensicnote/ntfs-data-tracker?fbclid=IwAR3WulLe85esgaX0mHK__7_nwBkfOdjfjngPNdXjr4cQeTiuZeefxe0jGKs 

 

Prefetch

PECmd

http://ericzimmerman.github.io/#!index.md

WinPrefetchView

https://www.nirsoft.net/utils/win_prefetch_view.html

 

Registry

Registry Explorer/RECmd

http://ericzimmerman.github.io/#!index.md

REGA

http://forensic.korea.ac.kr/tools.html

RegRipper

https://github.com/keydet89/RegRipper3.0

 

Shellbags

ShellBags Explorer

http://ericzimmerman.github.io/#!index.md

ShellBags View

https://www.nirsoft.net/utils/shell_bags_view.html

 

SRUM(SRUDB.dat)

SrumECmd

http://ericzimmerman.github.io/#!index.md

NetworkUsageView

https://www.nirsoft.net/utils/network_usage_view.html

 

Windows10 Timeline db

WxTCmd

http://ericzimmerman.github.io/#!index.md

 

Image Mount / Disk Imaging

Arsenal Image Mounter(Image Mount)

https://arsenalrecon.com/downloads/

FTK Imager(Image Mount, Disk Imaging, File Restore(파일 복구))

https://accessdata.com/product-download/ftk-imager-version-4-5

 

Web Browser

Browsing History View

https://www.nirsoft.net/utils/browsing_history_view.html

Chrome Cache View

https://www.nirsoft.net/utils/chrome_cache_view.html

IE Cache View

https://www.nirsoft.net/utils/ie_cache_viewer.html

WEFA

http://forensic.korea.ac.kr/tools.html

Index.dat Analyzer v2.5

https://www.systenance.com/indexdat.php

 

USB

USB Forensic Tracker

http://www.orionforensics.com/forensics-tools/usb-forensic-tracker/

 

Exif File

Exif Pilot

https://www.colorpilot.com/exif.html

Exiftool

https://exiftool.org/

 

GPS

GPS Route Editor

http://www.gpsnote.net/

 

Volume Shadow Copy Service(VSS)

Shadow Explorer

https://www.shadowexplorer.com/downloads.html

VSCToolset

https://df-stream.com/vsc-toolset/

 

MS Outlook

Kernel PST Viewer

https://www.nucleustechnologies.com/pst-viewer.html

Kernel OST Viewer

https://www.nucleustechnologies.com/ost-viewer.html

SysTools DBX Converter

https://download.cnet.com/SysTools-DBX-Converter/3000-2369_4-76172720.html

 

Hex Editor

HxD

https://mh-nexus.de/en/hxd/

 

SQLite

DB Browser for SQLite

https://sqlitebrowser.org/

 

ShellCode

scdbg.exe

http://sandsprite.com/blogs/index.php?uid=7&pid=152 

 

File Structure

Structured Storage Viewer(SSView)

https://www.mitec.cz/ssv.html

 

Strings

Strings

https://docs.microsoft.com/en-us/sysinternals/downloads/strings

 

Memory

Volatility 2.6

https://www.volatilityfoundation.org/26

Volatility 3.x

https://github.com/volatilityfoundation/volatility3

DumpIt

https://github.com/Crypt2Shell/Comae-Toolkit

GIMP

https://www.gimp.org/

Magnet Dumpit for Windows

https://www.magnetforensics.com/resources/magnet-dumpit-for-windows/?utm_source=Pardot&utm_medium=Email&utm_campaign=Free_Tools_DumpIt_for_Windows_Requests_Email_Announcement 

Magnet Dumpit for Linux

https://github.com/MagnetForensics/dumpit-linux

 

Steganography

Stegsolve.jar

http://www.caesum.com/handbook/stego.htm

OpenStego

https://www.openstego.com/

OpenPuff

https://embeddedsw.net/OpenPuff_Steganography_Home.html

Audacity

https://www.audacityteam.org/

AudioPaint

https://www.softpedia.com/get/Multimedia/Audio/Other-AUDIO-Tools/AudioPaint.shtml

FL Studio

https://www.image-line.com/

기타 스테가노그래피 프로그램 모음

http://www.jjtc.com/Steganography/tools.html

 

ADS(Alternate Data Stream)

Sysinternals Streams.exe

https://docs.microsoft.com/en-us/sysinternals/downloads/streams

nirsoft AlternateStreamView.exe

https://www.nirsoft.net/utils/alternate_data_streams.html

CMD/PowerShell로 분석

https://present4n6.tistory.com/76?category=904227 

 

Mobile

ALEAPP

https://github.com/abrignoni/ALEAPP

 

통합 분석 프로그램

Autopsy

https://www.autopsy.com/download/

 

아티팩트 크롤러

KAPE

https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape