Volatility alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

64

Alternative: dfis (Digital Forensic Investigative Scripts)

Digital Forensic Investigative Scripts, or dfis, is a collection of scripts that can be used during forensic investigations.

Project details

dfis is written in Perl.

Strengths

  • + The source code of this software is available
  • + Well-known author

Weaknesses

  • - No updates for a while

Typical usage

  • digital forensics

dfis project page

60

Alternative: shellbags

Shellbags is a script written in Python to parse the Windows Registry file. It extracts information related to directories browsed by Explorer.

Project details

shellbags is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • digital forensics

shellbags project page

64

Alternative: Bitscout

Bitscout is a security tool that allows professionals to perform digital forensics remotely. The toolkit creates a live CD for this purpose.

Project details

Bitscout is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • digital forensics

Bitscout project page

96

Alternative: The Sleuth Kit

The Sleuth Kit is a toolkit to investigate disk images and do forensic analysis on them.

The Sleuth Kit allows you to analyze volume and file system data on disk images. Thanks to its modular design, it can be used to carve out the right data, find evidence, and use it for digital forensics.

Project details

The Sleuth Kit is written in C.

Strengths

  • + More than 50 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available
  • + Well-known tool

Typical usage

  • digital forensics

The Sleuth Kit project page

60

Alternative: ThreatPinch Lookup

ThreatPinch is a Chrome extension to perform information lookups on data artifacts like domain names, hashes, IP addresses, and more.

Project details

ThreatPinch Lookup is written in JavaScript.

Strengths

  • + Many integration possibilities available

Weaknesses

  • - Unknown project license

Typical usage

  • information gathering
  • threat hunting

ThreatPinch Lookup project page

56

Alternative: AESKeyFinder

AESKeyFinder is a tool to find 128-bit and 256-bit AES keys in a memory image.

AESKeyFinder uses various algorithms to perform entropy tests and filter out blocks that are not AES keys. The remaining blocks are then displayed as possible AES keys.

Project details

Strengths

  • + The source code of this software is available

Weaknesses

  • - No proper description on website
  • - No updates for a while

Typical usage

  • data extraction

AESKeyFinder project page