A process sandbox helps to manage and limit access permissions a process has to your data. Use it to safely test new software for usability, safely study behavior of known spyware and malware, or browse the web from a sandboxed browser to completely shield your computer and network from Internet Bad Things. ### Features * Secure Web Browsing: Run... More information

A process sandbox helps to manage and limit access permissions a process has to your data. Use it to safely test new software for usability, safely study behavior of known spyware and malware, or browse the web from a sandboxed browser to completely shield your computer and network from Internet Bad Things. ### Features * Secure Web Browsing: Run... More information

Installs tools for lnk files, jump lists, Registry hives, hashing, and much more

Allows for instant filtering, searching, sorting, grouping, and contains a details view that makes reviewing complex entries much easier

Supports recovery of deleted keys and values, multi hive support, the fastest searching, viewing slack space, plugin support, and much more

Comprehensive support for all known shell item types, exporting, filtering, sorting, file system detecion, and more!

AppCompatCache parser used to show evidence of execution

LECmd supports all lnk file structures and exports to a wide variety of formats

Amcache parser with advanced features such as whitelisting, data reduction, and various export formats

Fully parses Windows prefetch files (XP-Windows 10) and allows for exporting in a wide variety of formats, keyword hits in contents, etc. Windows 10 prefetch support requires running on Windows 8 or later

Adds geolocation information to IIS logs and extracts all unique IP addresses from said logs to a file

JumpList Explorer parses and allows for exporting details from custom and automatic destination jumplists. Allows for dumping all lnk files from jumplists, and more

One click installation and updating of all X-Ways software including Forensics, Imager, and Investigator. Can also build portable installations, and validate installs

Contains built in regex for searching for common things like URLs, emails, IPs, and more. Very fast and works against files of any size

TimeApp is useful for testing when interacting with a system to have a record of when something happened. Recording the screen with TimeApp running allows for going back through a video to compare the actual time with various artifacts in the Registry and elsewhere

Radare is a portable reversing framework that can... * Disassemble (and assemble for) many different architectures * Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg) * Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku * Perform forensics on filesystems and data carving * Be scripted in Python, ... More information

Hash files or entire directories using a wide variety of file hashes

The Sleuth Kit: Forensics Tools

MFTECmd exports to CSV and allows viewing of full entry details by entry/sequence #s

SDB Explorer parses and allows for interacting with contents of SDB databases. View binary patch contents, dump strings, and more.

NFX Detective is a novel Network forensic analysis tool that implements methods for extraction of application content from communication using supported protocols.

Given a drive letter and a directory, mount all VSCs from drive letter onto directory

Parses both INFO2 and $I formats