Linux DFIR tools

Disk platter with head related to digital forensics

Introduction

The Linux operating system is deemed secure by default. While it has a strong core, breaches will happen. With Internet-of-Things and other developments, the number of breaches may even increase further. So it is expected that the demand for digital forensics and incident response (DFIR) will increase as well.

Usage

Linux DFIR tools are typically used for digital forensics and incident response.

Users for these tools include forensic specialists.

Tools

dfis (DFIR toolkit)

digital forensics

This toolkit of scripts are made by Hal to help in forensic assignments. They make several parts of the job easier, like converting data to another format for further processing.

Volatility (memory forensics framework)

digital forensics

Volatile memory framework used for forensics and analysis purposes. The framework is written in Python and runs on almost all platforms.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.