Forensics

• CAINE – http://www.caine-live.net/
• Mobius Forensics Toolkit – http://freshmeat.net/projects/mobiusft
• Process Hacker – http://processhacker.sourceforge.net/
• Netwitness Free Edition – http://www.netwitness.com/
• Volatility – https://www.volatilesystems.com/default/volatility/: extract digital artifacts from volatile memory (RAM) samples – [Python based]
• SandMan – http://sandman.msuiche.net: read the hibernation file, regardless of Windows version – [Python based]
• LibForensics – http://code.google.com/p/libforensics/: library for developing digital forensics applications – [Python based]
• TrIDLib – http://mark0.net/code-tridlib-e.html: identify file types from their binary signatures. Now includes Python binding – [Python based]