Tools on the site are organized into the following categories:

• Bootable Environments
  Use to boot a suspect system into a trusted state.
• Data Acquisition
  Use to collect data from a dead or live suspect system.
• Volume System
  Use to examine the data structures that organize media, such as partition tables and disk labels.
• File System
  Use to examine a file system or disk image and show the file content and other meta data.
• Application
  Use to analyze the contents of a file (i.e. at the application layer).
• Network
  Use to analyze network packets and traffic. This does not include logs from network devices.
• Memory
  Use to analyze memory dumps from computers.
• Frameworks
  Frameworks used to build custom tools.