Linux DFIR tools



The Linux operating system is deemed secure by default. While it has a strong core, breaches will happen. With Internet-of-Things and other developments, the number of breaches may even increase further. So it is expected that the demand for digital forensics and incident response (DFIR) will increase as well.


Linux DFIR tools are typically used for digital forensics and incident response.

Users of these tools include forensic specialists.


Popular Linux DFIR tools

Volatility (memory forensics framework)

digital forensics

Volatile memory framework used for forensics and analysis purposes. The framework is written in Python and runs on almost all platforms.

dfis (DFIR toolkit)

digital forensics

This toolkit of scripts was made by Hal to help with forensic assignments. The scripts make several parts of the job easier, such as converting data to another format for further processing.
