Artifact Analysis Registry/Event Analysis NTFS Analysis Network Utilities PE Utilities Miscellaneous
Artifact Analysis (top)
Windows Prefetch Parser (pf)
| 32-bit Version | 64-bit Version | |||
| Windows: | pf32.v.0.95.win.zip | pf64.v.0.95.win.zip | md5/sha1 | |
| Linux: | pf32.v.0.95.lin.tar.gz* | pf64.v.0.95.lin.tar.gz | md5/sha1 | |
| Mac OS X: | pf.v.0.95.osx.tar.gz | pf.v.0.95.osx.tar.gz | md5/sha1 | |
Windows 'index.dat' Parser (id)
| 32-bit Version | 64-bit Version | |||
| Windows: | id32.v.0.55.win.zip | id64.v.0.55.win.zip | md5/sha1 | |
| Linux: | id32.v.0.55.lin.tar.gz* | id64.v.0.55.lin.tar.gz | md5/sha1 | |
| Mac OS X: | id.v.0.55.osx.tar.gz | id.v.0.55.osx.tar.gz | md5/sha1 | |
Windows LNK Parsing Utility (lp)
| 32-bit Version | 64-bit Version | |||
| Windows: | lp32.v.0.48.win.zip | lp64.v.0.48.win.zip | md5/sha1 | |
| Linux: | lp32.v.0.48.lin.tar.gz* | lp64.v.0.48.lin.tar.gz | md5/sha1 | |
| Mac OS X: | lp.v.0.48.osx.tar.gz | lp.v.0.48.osx.tar.gz | md5/sha1 | |
Windows USB Storage Parser (usp)
| 32-bit Version | 64-bit Version | |||
| Windows: | usp32.v.0.16.win.zip | usp64.v.0.16.win.zip | md5/sha1 | |
| Linux: | usp32.v.0.16.lin.tar.gz* | usp64.v.0.16.lin.tar.gz | md5/sha1 | |
| Mac OS X: | usp.v.0.16.osx.tar.gz | usp.v.0.16.osx.tar.gz | md5/sha1 | |
Registry and Event Log Analysis (top)
Yet Another Registry Utility (yaru)
| 32-bit Version | 64-bit Version | |||
| Windows: | yaru32.v.1.17.win.zip | yaru64.v.1.17.win.zip | md5/sha1 | |
| Linux: | yaru32.v.1.17.lin.tar.gz * | yaru64.v.1.17.lin.tar.gz | md5/sha1 | |
| Mac OS X: | Not Available | yaru.v.1.17.osx.tar.gz | md5/sha1 | |
Windows Event Log Viewer (evtx_view)
| 32-bit Version | 64-bit Version | |||
| Windows: | evtx_view32.v.0.65.win.zip | evtx_view64.v.0.65.win.zip | md5/sha1 | |
| Linux: | evtx_view32.v.0.65.lin.tar.gz * | evtx_view64.v.0.65.lin.tar.gz | md5/sha1 | |
| Mac OS X: | Not Available | evtx_view.v.0.65.osx.tar.gz | md5/sha1 | |
Windows ShellBag Parser (sbag)
| 32-bit Version | 64-bit Version | |||
| Windows: | sbag32.v.0.22.win.zip | sbag64.v.0.22.win.zip | md5/sha1 | |
| Linux: | sbag32.v.0.22.lin.tar.gz* | sbag64.v.0.22.lin.tar.gz | md5/sha1 | |
| Mac OS X: | sbag.v.0.22.osx.tar.gz | sbag.v.0.22.osx.tar.gz | md5/sha1 | |
NTFS Filesystem Analysis (top)
Windows Journal Parser (jp)
| 32-bit Version | 64-bit Version | |||
| Windows: | jp32.v.0.99.win.zip | jp64.v.0.99.win.zip | md5/sha1 | |
| Linux: | jp32.v.0.99.lin.tar.gz* | jp64.v.0.99.lin.tar.gz | md5/sha1 | |
| Mac OS X: | jp.v.0.99.osx.tar.gz | jp.v.0.99.osx.tar.gz | md5/sha1 | |
NTFS Directory Enumerator (ntfsdir)
| 32-bit Version | 64-bit Version | |||
| Windows: | ntfsdir32.v.1.00.win.zip | ntfsdir64.v.1.00.win.zip | md5/sha1 | |
| Linux: | ntfsdir32.v.1.00.lin.tar.gz* | ntfsdir64.v.1.00.lin.tar.gz | md5/sha1 | |
| Mac OS X: | ntfsdir.v.1.00.osx.tar.gz | ntfsdir.v.1.00.osx.tar.gz | md5/sha1 | |
NTFS File Copy Utility (ntfscopy)
| 32-bit Version | 64-bit Version | |||
| Windows: | ntfscopy32.v.0.68.win.zip | ntfscopy64.v.0.68.win.zip | md5/sha1 | |
| Linux: | ntfscopy32.v.0.68.lin.tar.gz* | ntfscopy64.v.0.68.lin.tar.gz | md5/sha1 | |
| Mac OS X: | ntfscopy.v.0.68.osx.tar.gz | ntfscopy.v.0.68.osx.tar.gz | md5/sha1 | |
Windows $MFT and NTFS Metadata Extractor Tool (ntfswalk)
| 32-bit Version | 64-bit Version | |||
| Windows: | ntfswalk32.v.0.40.win.zip | ntfswalk64.v.0.40.win.zip | md5/sha1 | |
| Linux: | ntfswalk32.v.0.40.lin.tar.gz* | ntfswalk64.v.0.40.lin.tar.gz | md5/sha1 | |
| Mac OS X: | ntfswalk.v.0.40.osx.tar.gz | ntfswalk.v.0.40.osx.tar.gz | md5/sha1 | |
Network Support Utilities (top)
DNS Query Utility (dqu)
| 32-bit Version | 64-bit Version | |||
| Windows: | dqu32.v.0.13.win.zip | dqu64.v.0.13.win.zip | md5/sha1 | |
| Linux: | dqu32.v.0.13.lin.tar.gz* | dqu64.v.0.13.lin.tar.gz | md5/sha1 | |
| Mac OS X: | dqu.v.0.13.osx.tar.gz | dqu.v.0.13.osx.tar.gz | md5/sha1 | |
Packet Capture ICMP Carver (pic)
| 32-bit Version | 64-bit Version | |||
| Windows: | pic32.v.0.04.win.zip | pic64.v.0.04.win.zip | md5/sha1 | |
| Linux: | pic32.v.0.04.lin.tar.gz* | pic64.v.0.04.lin.tar.gz | md5/sha1 | |
| Mac OS X: | Not Available | Not Available | ||
Network Xfer Client/Server Utility (nx)
| 32-bit Version | 64-bit Version | |||
| Windows: | nx32.v.0.06.win.zip | nx64.v.0.06.win.zip | md5/sha1 | |
| Linux: | nx32.v.0.06.lin.tar.gz* | nx64.v.0.06.lin.tar.gz | md5/sha1 | |
| Mac OS X: | nx.v.0.06.osx.tar.gz | nx.v.0.06.osx.tar.gz | md5/sha1 | |
Portable Executable Utilities (top)
Windows Portable Executable Viewer (pe_view)
| 32-bit Version | 64-bit Version | |||
| Windows: | pe_view32.v.0.82.win.zip | pe_view64.v.0.82.win.zip | md5/sha1 | |
| Linux: | pe_view32.v.0.82.lin.tar.gz* | pe_view64.v.0.82.lin.tar.gz | md5/sha1 | |
| Mac OS X: | pe_view.v.0.82.osx.tar.gz | pe_view.v.0.82.osx.tar.gz | md5/sha1 | |
Portable Executable Scanner (pescan)
| 32-bit Version | 64-bit Version | |||
| Windows: | pescan32.v.0.16.win.zip | pescan64.v.0.16.win.zip | md5/sha1 | |
| Linux: | pescan32.v.0.16.lin.tar.gz* | pescan64.v.0.16.lin.tar.gz | md5/sha1 | |
| Mac OS X: | pescan.v.0.16.osx.tar.gz | pescan.v.0.16.osx.tar.gz | md5/sha1 | |
Miscellaneous Tools (top)
Windows Symbol Fetch Utility (sf)
| 32-bit Version | 64-bit Version | |||
| Windows: | sf32.v.0.24.win.zip | sf64.v.0.24.win.zip | md5/sha1 | |
| Linux: | Not Available | Not Available | ||
| Mac OS X: | Not Available | Not Available | ||
| *32bit apps can run in a 64bit linux distribution if "ia32-libs" (and dependencies) are present. |