Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.
It has been developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus project along with a technical forensic methodology and forensic evidences.
Warning: this tool has been released as a forensic tool for a technical audience. Using it requires some technical skills such as understanding basics of forensic analysis and using command line tools.
tcpxtract is a tool for extracting files from network traffic based on file signatures.
Data forensics software for Windows. Useful for finding lost and hidden data by examining disk sectors directly, not file system extents. Free to download and use. Supports Windows 95 through Windows XP.
An archive of free-to-download and use disk images for practicing your data forensics fu or testing file carving tools.
A website that does online error level analysis of images (either linked or uploaded) to help determine whether or not they've been edited, and if so which bits were changed. Error level analysis is a technique in which the error level potentials of image files are mapped with algorithms developed and published by Dr. Neil Krawetz. Alterations tend to show up as having higher error potentials than the unmodified parts of the image (which have probably been saved a few times, and thus noise has crept in).
python module for extracting text from different documents. Can also be used as a CLI utility. Can work with text-based formats like CSV, JSON, and HTML. Can work with binary formats like MS Word, MP3, and PDF. The list is fairly extensive.
4476 links, including 318 private