Volatility Memory Forensic Tool.

Volatility helps identify malicious processes, networking, open connections, etc. in the compromised system. With the program you can take a dump of the RAM and analyze it.

The Volatility Foundation is an independent 501(c) (3) non-profit organization that maintains and promotes open source memory forensics with The Volatility Framework.

p0f - A Passive Traffic Fingerprint Mechanism.

Guymager - Forensics Program For Media Acquisition.

The forensic imager contained in this package, guymager, was designed to support different image file formats, to be most user-friendly and to run really fast. It has a high speed multi-threaded engine using parallel compression for best performance on multi-processor and hyper-threading machines.

Version: 0.8.13
License: GPLv2

extundelete For Linux.

extundelete is a utility for Linux that can recover deleted files from an ext3 or ext4 partition.

Ext3 and Ext4 file systems are the most common default file systems in Linux distributions such as Debian, Mint, Mageia or Ubuntu.

extundelete uses information stored in the partition journal to try to recover a file that has been removed from the partition.

dc3dd - A Patched Version Of GNU dd For Linux.

dc3dd is a patched version of GNU dd with additional features for computer forensics, hashing (md5, sha-1, sha-256 and sha-512) * possibility to write a file error * group error in error log * pattern deletion * progress report * ability to share output.

Highlights include hashing on-the-fly, split output files, pattern writing, a progress meter, and file verification.

Binwalk - Search For Particular Binary Image.

Binwalk is a tool to search for a particular binary image for embedded files and executable code. Specifically, it is designed to identify files and code embedded within firmware images.

Binwalk uses the libmagic library so it is compatible with magic signatures created for the Unix file tool.