The app-forensics category contains software which helps detect and analyse security breaches.
| afflib | Library that implements the AFF image standard |
|---|---|
| afl | american fuzzy lop - compile-time instrumentation fuzzer |
| aide | AIDE (Advanced Intrusion Detection Environment) is a file integrity checker |
| air | A GUI front-end to dd/dc3dd |
| chkrootkit | Tool to locally check for signs of a rootkit |
| cmospwd | CmosPwd decrypts password stored in cmos used to access BIOS SETUP |
| dfxml | Digital Forensics XML |
| examiner | Utilizes the objdump command to disassemble and comment foreign binaries |
| foremost | A console program to recover files based on their headers and footers |
| galleta | IE Cookie Parser |
| honggfuzz | A general purpose fuzzer with feedback support |
| libbfio | Library for providing a basic file input/output abstraction layer |
| libewf | Implementation of the EWF (SMART and EnCase) image format |
| lynis | Security and system auditing tool |
| mac-robber | mac-robber is a digital forensics and incident response tool that collects data |
| magicrescue | Find deleted files in block devices |
| memdump | Simple memory dumper for UNIX-Like systems |
| openscap | Framework which enables integration with Security Content Automation Protocol |
| ovaldi | Free implementation of OVAL |
| pasco | IE Activity Parser |
| quickfuzz | An experimental grammar fuzzer in Haskell using QuickCheck |
| radamsa | A general purpose fuzzer |
| rifiuti | Recycle Bin Analyzer |
| rkhunter | Rootkit Hunter scans for known and unknown rootkits, backdoors, and sniffers |
| scalpel | A high performance file carver |
| sleuthkit | A collection of file system and media management forensic analysis tools |
| unhide | A forensic tool to find hidden processes and TCP/UDP ports by rootkits/LKMs |
| volatility | Framework for analyzing volatile memory |
| yasat | Security and system auditing tool |
| zzuf | Transparent application input fuzzer |