File system forensics tools

Tools

radare2 (reverse engineering tool and binary analysis)

digital forensics, reverse engineering, software exploitation, troubleshooting

Radare2 is a popular framework to perform reverse engineering on many different file types. It can be used to analyze malware, firmware, or any other type of binary files. Besides reverse engineering, it can be used for forensics on filesystems and do data carving. Tasks can be scripted and support languages like JavaScript, Go, and Python. Even software exploitation is one of the functions it can be used in.

The Sleuth Kit (toolkit for forensics)

criminal investigations, digital forensics, file system analysis

The Sleuth Kit is a forensics tool to analyze volume and file system data on disk images. With its modular design, it can be used to carve out the right data, find evidence, and use it for digital forensics.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.