Tools on the site are organized into the following categories:
- Bootable Environments
Use to boot a suspect system into a trusted state.
- Data Acquisition
Use to collect data from a dead or live suspect system.
- Volume System
Use to examine the data structures that organize media, such as partition tables and disk labels.
- File System
Use to examine a file system or disk image and show the file content and other meta data.
Use to analyze the contents of a file (i.e. at the application layer).
Use to analyze network packets and traffic. This does not include logs from network devices.
Use to analyze memory dumps from computers.
Frameworks used to build custom tools.