Python Forensics

Open-source Python projects categorized as Forensics

Top 23 Python Forensic Projects

  • mvt

    MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

  • Project mention: Exploiting the iPhone 4 | | 2023-10-02

    Amnesty International released Mobile Verification Toolkit to check your phone for malware, by checking encrypted backups on your computer.

  • prowler

    Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

  • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | | 2024-05-01

    1. Prowler: Prowler provides security best practices assessments, audits, incident response readiness, and continuous monitoring for AWS environments.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • oletools

    oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

  • timesketch

    Collaborative forensic timeline analysis

  • volatility3

    Volatility 3.0 development

  • plaso

    Super timeline all the things

  • Digital-Forensics-Guide

    Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

  • Project mention: Most used DFIR tools | /r/cybersecurity | 2023-12-10

    If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There's a lot of recommended resources there that'll speed you up.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  • andriller

    📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.

  • RecoverPy

    Interactively find and recover deleted or :point_right: overwritten :point_left: files from your terminal

  • Project mention: RecoverPy 2.1.3: A Linux tool to recover deleted or overwritten files | /r/opensource | 2023-10-23
  • hindsight

    Web browser forensics for Google Chrome/Chromium

  • mac_apt

    macOS (& ios) Artifact Parsing Tool

  • Project mention: My productivity app is a never-ending .txt file | | 2024-02-19
  • turbinia

    Automation and Scaling of Digital Forensics Tools

  • python-evtx

    Pure Python parser for Windows Event Log files (.evtx)

  • Zircolite

    A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

  • docker-explorer

    A tool to help forensicate offline docker acquisitions

  • RecuperaBit

    A tool for forensic file system reconstruction.

  • Project mention: RecuperaBit: A tool for forensic file system reconstruction | | 2024-02-07
  • MalConfScan

    Volatility plugin for extracts configuration data of known malware

  • WhatsApp-Key-Database-Extractor

    The most advanced and complete solution for extracting WhatsApp key/DB from package directory (/data/data/com.whatsapp) without root access.

  • WhatsDump

    Extract WhatsApp private key from any non-rooted Android device (Android 7+ supported)

  • varc

    Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

  • MR

    Mobile Revelator

  • netspionage

    Network Forensics CLI utility that performs Network Scanning, OSINT, and Attack Detection

  • autotimeliner

    Automagically extract forensic timeline from volatile memory dump

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Python Forensics related posts

  • RecuperaBit: A tool for forensic file system reconstruction

    1 project | | 7 Feb 2024
  • Most used DFIR tools

    1 project | /r/cybersecurity | 10 Dec 2023
  • As recommended, I ask it here : how can I find out if my phone is being tapped, and what should I do if it is?

    1 project | /r/opsec | 11 Jul 2023
  • How do I download this on iPhone

    1 project | /r/iphonehelp | 27 Jun 2023
  • I dont know if i downloaded malware

    1 project | /r/techsupport | 27 Jun 2023
  • iOS 16.5.1 TriangleDB spyware

    1 project | /r/opsec | 26 Jun 2023
  • Can anyone hack my phone via sending a WhatsApp Photo? How to know it?

    1 project | /r/Hacking_Tutorials | 10 Jun 2023
  • A note from our sponsor - SaaSHub | 30 May 2024
    SaaSHub helps you find the best software and product alternatives Learn more →


What are some of the best open-source Forensic projects in Python? This list will help you:

Project Stars
1 mvt 9,879
2 prowler 9,720
3 oletools 2,764
4 timesketch 2,511
5 volatility3 2,275
6 plaso 1,637
7 Digital-Forensics-Guide 1,379
8 andriller 1,246
9 RecoverPy 1,183
10 hindsight 1,029
11 mac_apt 720
12 turbinia 722
13 python-evtx 670
14 Zircolite 607
15 docker-explorer 519
16 RecuperaBit 510
17 MalConfScan 472
18 WhatsApp-Key-Database-Extractor 436
19 WhatsDump 263
20 varc 234
21 MR 147
22 netspionage 141
23 autotimeliner 119

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives