Autopsy - Open source digital forensics platform to analyze hard drives and smart phones https://www.autopsy.com
EnCase - Commercial computer forensics software for e-discovery and investigations by OpenText https://www.opentext.com/products-and-solutions/products/software/encase-platform
AccessData (FTK) - Forensic toolkit computer investigation software by AccessData
Sleuth Kit - Open source digital forensics tools for analyzing disk images and file systems https://www.sleuthkit.org
Volatility - Memory forensics framework to analyze volatile memory dumps and artifacts https://www.volatilityfoundation.org/
Wireshark - Network protocol analyzer useful for network forensics and traffic analysis https://www.wireshark.org
Cellebrite UFED - Commercial mobile forensic software to extract data from phones and tablets https://www.cellebrite.com/en/ufed-ultimate/
Email Collector - Tool to collect and analyze email data during investigations https://www.accessdata.com/products-services/e-discovery/email-examination/ftk-email-collector
Forensics (DFF) - Digital forensics framework, an open source platform for investigations https://github.com/arxsys/dff
Magnet AXIOM - Commercial digital investigations platform from Magnet Forensics https://www.magnetforensics.com/products/magnet-axiom/
OSForensics - Specialized forensics tools for Microsoft systems from PassMark https://www.osforensics.com/
NetworkMiner - Open source network forensic analyzer useful for investigating traffic http://www.netresec.com/?page=NetworkMiner
RegRipper - Tool to parse Windows registry files and dig for useful data https://github.com/keydet89/RegRipper3.0
Bulk Extractor - Scans disk images and extracts interesting bits of data https://github.com/simsong/bulk_extractor
Ghiro - Web site screenshots and analysis for forensic investigations http://www.getghiro.org/
Scalpel - File carver which recovers files based on headers and footers http://www.digitalforensicssolutions.com/Scalpel/
HxD - Hex editor useful for analyzing raw disk and memory dumps https://mh-nexus.de/en/hxd/
TestDisk - Data recovery tool, useful when file systems get corrupted https://www.cgsecurity.org/wiki/TestDisk
PhotoRec - Recovery tool specifically focused on photos and media files https://www.cgsecurity.org/wiki/PhotoRec
CAINE - Italian GNU/Linux live distribution with many forensics tools https://www.caine-live.net
Axiom Cyber - Commercial digital forensics and incident response platform https://axiomcyber.com/axiom-cyber/
Belkasoft Evidence - Commercial all-in-one forensics solution for Windows, mobile, etc. https://belkasoft.com/evidence
Fibratus - Tool to explore and trace Windows kernel activity and data https://www.jpcert.or.jp/english/pub/sr/ir_research.html
Autopsy Browser - GUI for the Autopsy digital forensics platform https://www.autopsy.com/browser/
Kali Linux - Penetration testing Linux distribution with many useful security tools https://www.kali.org
DEFT - Linux distribution configured specifically for computer forensics http://www.deftlinux.net
Volatility Framework - Advanced memory forensics framework with plugins and APIs https://www.volatilityfoundation.org/
PyFlag - Legacy Australian forensic and log analysis GUI platform http://www.pyflag.net
Plaso (log2timeline) - Extract timestamps from various logs and aggregate timeline https://plaso.readthedocs.io/en/latest/sources/user/log2timeline.html
TSK (The Sleuth Kit) - File system and disk analysis tools originally focussed on NTFS https://www.sleuthkit.org/sleuthkit/
Redline - Host investigations and malware analysis tool by FireEye https://www.fireeye.com/services/freeware/redline.html
Snort - Open source intrusion detection and network monitoring system https://www.snort.org
Tcpdump - Capture and analyze network traffic on Unix-like systems https://www.tcpdump.org
Ngrep - Search within network traffic payloads like grep for text streams http://ngrep.sourceforge.net/
dcfldd - Disk cloning and forensics tool, version of dd with hashing https://dcfldd.sourceforge.net/
Wireshark - Network traffic analyzer useful for network forensics https://www.wireshark.org
SIFT (SANS) - Ubuntu-based distribution for forensic analysis https://digital-forensics.sans.org/community/downloads
Paladin - USB image mounted as virtual drive with write-protection https://sumuri.com/software/paladin/
CAINE Live - Self-contained bootable forensic environment https://www.caine-live.net/page5/page5.html
XRY (XAMN) - Commercial mobile forensic software to analyze phones https://msab.com/xry/