Windows Forensics Tools – 2025 Comprehensive Edition

All-in-One Suites

Autopsy
GUI file system, artifact, and timeline analysis
https://www.autopsy.com/download/
SIFT Workstation
Ubuntu-based VM with integrated forensic tools
https://www.sans.org/tools/sift-workstation
Magnet AXIOM
Unified PC, cloud, and mobile analysis (commercial)
https://www.magnetforensics.com/products/axiom/
OSForensics
Disk, search, and artifact analysis
https://www.osforensics.com/download.html

FTK Imager
Disk imaging, evidence preview, data export
https://accessdata.com/product-download/ftk-imager-version-4-5
X-Ways Forensics
Advanced disk and data analysis (commercial)
https://www.x-ways.net/forensics/
The Sleuth Kit (TSK)
CLI for file system, metadata, deleted files
https://github.com/sleuthkit/sleuthkit
Bulk Extractor
Extract artifacts from disk images
https://github.com/simsong/bulk_extractor
DiskDigger
Data recovery and file analysis
https://diskdigger.org/

Volatility
Comprehensive memory analysis framework
https://www.volatilityfoundation.org/
Rekall
Open-source memory forensics suite
http://www.rekall-forensic.com/
Belkasoft RAM Capturer
Acquire volatile memory images
https://belkasoft.com/ram-capturer
DumpIt
Fast memory dump capture tool
https://github.com/TechPathWay/Dumpit

RegRipper
Extracts and parses registry hives
https://github.com/keydet89/RegRipper3.0
Registry Explorer
Advanced GUI registry viewer
https://ericzimmerman.github.io/#!index.md
RECmd
CLI registry analysis solution
https://ericzimmerman.github.io/#!index.md

LogParser
Query and parse Windows event logs
https://www.microsoft.com/en-us/download/details.aspx?id=24659
EvtxECmd
Fast EVTX log parser
https://ericzimmerman.github.io/#!index.md
Chainsaw
Fast detection for Windows event logs
https://github.com/countercept/chainsaw
Event Log Explorer
Comprehensive EVTX viewer (commercial)
https://eventlogxp.com/

Hindsight
Parse Chrome browser history
https://github.com/obsidianforensics/hindsight
Chrome History Analyzer
Analyze Chrome browser activity
https://github.com/forensicateam/chrome-analyzer
Browser History Viewer (Nirsoft)
View browser history for multiple browsers
https://www.nirsoft.net/utils/browsing_history_view.html

Plaso (log2timeline)
Framework for building forensic timelines
https://plaso.readthedocs.io/
Timesketch
Web-based collaborative timeline analysis
https://github.com/google/timesketch

Cuckoo Sandbox
Automated dynamic malware analysis
https://cuckoosandbox.org/
YARA
Malware pattern matching
https://github.com/VirusTotal/yara
REMnux
Linux distro for malware analysis
https://remnux.org/
PEStudio
Malware static binary analysis
https://winitor.com/

MailXaminer
Commercial email investigation tool
https://www.mailxaminer.com/
P2 Commander
Analyze emails, attachments and artifacts
https://www.paraben.com/p2-commander/
Aid4Mail Forensic
Forensically search and recover mails
https://www.aid4mail.com/

Cellebrite UFED
Industry-standard mobile forensics (commercial)
https://www.cellebrite.com/en/ufed/
MOBILedit Forensic Express
Mobile device extraction and analysis
https://www.mobiledit.com/forensic-express
Magnet AXIOM (mobile)
Mobile and cloud data analysis
https://www.magnetforensics.com/products/axiom/

MFTECmd
MFT ($MFT) table parser
https://ericzimmerman.github.io/#!index.md
PhotoRec/TestDisk
Data recovery from media
https://www.cgsecurity.org/wiki/TestDisk_Download
Shellbag Analyzer & Cleaner
Analyze Windows shellbag artifacts
https://www.forensicswiki.org/wiki/Shell_Bags

Awesome Forensics List
Massive curated toolkit collection
https://github.com/cugu/awesome-forensics
Start.me Forensics Resource Hub
Huge resource list
https://start.me/p/KMAYoE/forensics