Your use of the packages on this site means you understand they are not supported or guaranteed in any way. Due to the nature of a public repository and unreliability due to distribution rights, these packages should not be used as is for organizational purposes either. Learn more.

  1. C:\> choco install sandboxie.install

    Package testing. See package page for more details. Sandboxie (Install) 5.26

    By:

    A process sandbox helps to manage and limit access permissions a process has to your data. Use it to safely test new software for usability, safely study behavior of known spyware and malware, or browse the web from a sandboxed browser to completely shield your computer and network from Internet Bad Things. ### Features * Secure Web Browsing: Run... More information

  2. C:\> choco install sandboxie

    Package testing. See package page for more details. Sandboxie 5.26

    By:

    A process sandbox helps to manage and limit access permissions a process has to your data. Use it to safely test new software for usability, safely study behavior of known spyware and malware, or browse the web from a sandboxed browser to completely shield your computer and network from Internet Bad Things. ### Features * Secure Web Browsing: Run... More information

  3. C:\> choco install ericzimmermantools

    Package testing. See package page for more details. Eric Zimmerman's tools 2.5.2.0

    By:

    Installs tools for lnk files, jump lists, Registry hives, hashing, and much more

  4. C:\> choco install timelineexplorer

    Package testing. See package page for more details. Timeline Explorer 0.8.8.0

    By:

    Allows for instant filtering, searching, sorting, grouping, and contains a details view that makes reviewing complex entries much easier

  5. C:\> choco install registryexplorer

    Package testing. See package page for more details. Registry Explorer 1.1.0.61

    By:

    Supports recovery of deleted keys and values, multi hive support, the fastest searching, viewing slack space, plugin support, and much more

  6. C:\> choco install shellbagsexplorer

    Package testing. See package page for more details. ShellBags Explorer 1.1.0.1

    By:

    Comprehensive support for all known shell item types, exporting, filtering, sorting, file system detecion, and more!

  7. C:\> choco install appcompat-cacheparser

    Package testing. See package page for more details. AppCompatCache parser 1.2.0.0

    By:

    AppCompatCache parser used to show evidence of execution

  8. C:\> choco install lecmd

    Package testing. See package page for more details. LECmd 1.1.0.2

    By:

    LECmd supports all lnk file structures and exports to a wide variety of formats

  9. C:\> choco install amcacheparser

    Package testing. See package page for more details. Amcache parser 1.2.0.0

    By:

    Amcache parser with advanced features such as whitelisting, data reduction, and various export formats

  10. C:\> choco install iisgeolocate

    Package testing. See package page for more details. iisGeolocate 1.4.0.0

    By:

    Adds geolocation information to IIS logs and extracts all unique IP addresses from said logs to a file

  11. C:\> choco install pecmd

    Package testing. See package page for more details. PECmd 1.2.0.0

    By:

    Fully parses Windows prefetch files (XP-Windows 10) and allows for exporting in a wide variety of formats, keyword hits in contents, etc. Windows 10 prefetch support requires running on Windows 8 or later

  12. C:\> choco install xwfim

    Package testing. See package page for more details. XWFIM 1.9.0.0

    By:

    One click installation and updating of all X-Ways software including Forensics, Imager, and Investigator. Can also build portable installations, and validate installs

  13. C:\> choco install jumplistexplorer

    Package testing. See package page for more details. JumpList Explorer 0.7.0.1

    By:

    JumpList Explorer parses and allows for exporting details from custom and automatic destination jumplists. Allows for dumping all lnk files from jumplists, and more

  14. C:\> choco install bstrings

    Package testing. See package page for more details. bstrings 1.4.1.0

    By:

    Contains built in regex for searching for common things like URLs, emails, IPs, and more. Very fast and works against files of any size

  15. C:\> choco install timeapp

    Package testing. See package page for more details. TimeApp 1.3.2.0

    By:

    TimeApp is useful for testing when interacting with a system to have a record of when something happened. Recording the screen with TimeApp running allows for going back through a video to compare the actual time with various artifacts in the Registry and elsewhere

  16. C:\> choco install hasher-erz

    Package testing. See package page for more details. Hasher 1.9.0.0

    By:

    Hash files or entire directories using a wide variety of file hashes

  17. C:\> choco install radare

    Package testing. See package page for more details. radare (Install) 2.7.0

    By:

    Radare is a portable reversing framework that can... * Disassemble (and assemble for) many different architectures * Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg) * Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku * Perform forensics on filesystems and data carving * Be scripted in Python, ... More information

  18. C:\> choco install sleuthkit

    Package testing. See package page for more details. sleuthkit 4.4.0

    By:

    The Sleuth Kit: Forensics Tools

  19. C:\> choco install sdbexplorer

    Package testing. See package page for more details. SDB Explorer 0.6.0.0

    By:

    SDB Explorer parses and allows for interacting with contents of SDB databases. View binary patch contents, dump strings, and more.

  20. C:\> choco install mftecmd

    Package testing. See package page for more details. MFTECmd 0.3.0.0

    By:

    MFTECmd exports to CSV and allows viewing of full entry details by entry/sequence #s

  21. C:\> choco install netfoxdetective

    Package testing. See package page for more details. NetfoxDetective 0.9.1

    By:

    NFX Detective is a novel Network forensic analysis tool that implements methods for extraction of application content from communication using supported protocols.

  22. C:\> choco install vscmount

    Package testing. See package page for more details. VSCMount 0.5.2.0

    By:

    Given a drive letter and a directory, mount all VSCs from drive letter onto directory