
Digital Forensics reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Best Digital Forensics Software

    Digital forensics software is used to investigate and examine IT systems after security incidents or for security-related preventive maintenance. These tools help businesses perform in-depth analysis of IT systems to identify the cause of security incidents, outline vulnerabilities, and assist security teams in facilitating incident response processes. These tools aggregate security information from hardware, network logs, and files to present security professionals with a full picture of the likely causes of security incidents. From there, many tools identify the steps necessary to remediate the vulnerability and update policies and configurations to prevent the situation from arising again.

    Companies use these tools after security incidents to identify the cause and root out any flaws or bugs that would allow a repeat scenario. They also use these tools to investigate systems, networks, and software to identify risks and remediate them before an incident occurs. Many of the tools in this category align with incident response software; however, those tools do not have the same in-depth investigative functionality and typically focus more on immediate remediation than granular investigation and preventive maintenance.

    To qualify for inclusion in the Digital Forensics category, a product must:

    Perform file, internet, email, memory, and hardware security analysis
    Index aggregated security information for analysis
    Outline and/or automate security investigation workflows
    Produce investigative reports outlining security vulnerabilities

    Compare Digital Forensics Software

    G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our scoring methodologies.
    Results: 28
    (190)4.3 out of 5
    Optimized for quick response
    Entry Level Price: FREE for 14 Days

    IBM Security QRadar helps security teams accurately detect, understand and prioritize threats that matter most to the business. The solution ingests asset, cloud, network, endpoint, and user data, correlates it against vulnerability information and threat intelligence, and applies advanced analytics to identify and track the most serious threats as they progress through the kill chain. Once a credible threat is identified, AI-powered investigations provide rapid, intelligent insights into the

    (11)4.7 out of 5

    This scalable software is court-approved. It includes a decryption and a password cracking program. Customizable interface.

    (14)4.4 out of 5

    Cyber Triage™ is an automated incident response software any organization can use to rapidly investigate its endpoints. Cyber Triage investigates the endpoint by pushing the collection tool over the network, collecting relevant data, and analyzing it for malware and suspicious activity. Cyber threats are constantly evolving, and manual incident response can be inconsistent and incomplete. By automating every phase of the endpoint forensics process, Cyber Triage ensures state-of-the-art remediat

    (14)4.3 out of 5

    Parrot Security (ParrotSec) is a Security GNU/Linux distribution designed for the Cyber-Security (InfoSec) field. It includes a full portable laboratory for security and digital forensics experts.

    (4)4.6 out of 5

    As part of the Check Point Zero-Day Protection SandBlast solution, the Threat Extraction capability removes exploitable content, including active content and embedded objects, reconstructs files to eliminate potential threats, and promptly delivers sanitized content to users to maintain business flow.

    FireEye Network Security (NX) solutions protect against known and unknown advanced attacks with the signature-less Multi-Vector Virtual Execution (MVX) engine, conventional intrusion prevention system (IPS) and intelligence-driven detection.

    (2)4.8 out of 5

    X-Ways Forensics is an advanced work environment for computer forensic examiners and our flagship product. Runs under Windows XP/2003/Vista/2008/7/8/8.1/2012/10*, 32 Bit/64 Bit, standard/PE/FE. Compared to its competitors, X-Ways Forensics is more efficient to use after a while, by far not as resource-hungry, often runs much faster, finds deleted files and search hits that the competitors will miss, offers many features that the others lack, as a Ge

    (1)5.0 out of 5

    Belkasoft Evidence Center makes it easy for an investigator to acquire, search, analyze, store and share digital evidence found inside computer and mobile devices.

    (2)4.3 out of 5

    DomainTools' data and products work in harmony to enable security teams to start getting ahead of attacks, gain context and visibility into potential threats, and lower the skills barrier.

    (1)3.5 out of 5

    EnCase Forensic enables you to quickly search, identify, and prioritize potential evidence, in computers and mobile devices, to determine whether further investigation is warranted.

    (1)5.0 out of 5

    Magnet Forensics provides a wide range of solutions for law enforcement agencies and corporations to meet the challenges of modern digital investigations: Use Magnet AXIOM Cyber to simplify your corporate investigations. Organizations of all sizes fall victim to cybersecurity threats every day. With an artifacts-first approach and built-in remote collection, Magnet AXIOM Cyber helps you quickly understand what happened so you can safeguard your business in the future. Use this tool for root cau

    (2)4.8 out of 5

    SmartEvent event management provides full threat visibility with a single view into security risks. Take control and command the security event through real-time forensic and event investigation, compliance, and reporting. Respond to security incidents immediately and gain true network insights. Features include: integrated threat management, single view into security risks, customizable views and reports, full threat visibility, and real-time forensic and event investigation.

    0 ratings

    Agari Phishing Response™ is the only turnkey solution purpose-built for Microsoft Office 365 to automate the process of phishing incident response, remediation, and breach containment. Agari Phishing Response, using continuous detection and response technology, simplifies and accelerates threat hunting by instantly discovering all email attacks matching newly discovered indicators of compromise (IOCs) across all inboxes. The Agari SOC Network, a cyber intelligence sharing network, provides a c

    (1)0.0 out of 5

    Autopsy is an easy to use, GUI-based program that allows you to efficiently analyze hard drives and smart phones. It has a plug-in architecture that allows you to find add-on modules or develop custom modules in Java or Python.

    0 ratings

    BloxOne™ Threat Defense extends security and visibility across even the most globally dispersed network to proactively protect users, data and infrastructure wherever they are.

    0 ratings

    Cado Response can automatically raise business risks and issues to an analyst, so they can escalate quickly to management and ensure you meet mandatory breach notification deadlines.

    0 ratings

    ACI Case Manager helps banks manage enterprise-wide cases more efficiently; track, control and recover losses; detect patterns; gather intelligence to reduce losses from fraud; and provide peace of mind by ensuring they have the tools required to manage fraud.

    (1)0.0 out of 5

    With Change Auditor, you get complete, real-time IT auditing, in-depth forensics and comprehensive security monitoring on all key configuration, user and administrator changes for Microsoft Active Directory, Azure AD, Exchange, Office 365, Exchange Online, file servers and more. Change Auditor tracks detailed user activity for logons, authentications and other key services across enterprises to enhance threat detection and security monitoring from a central console.

    Cognitech FiA64 is a comprehensive software with analysis tools designed for forensic analysis and authentication of digital images. This extensive toolkit will allow the user to investigate the evidence and detect possible traces of tampering or other types of inconsistencies. FiA64 is used to systematically detect forged/doctored file-based digital image evidence and is able to authenticate and uncover where tampering and modification has taken place in a doctored image. This solution allows the e

    0 ratings

    Protecting Patient Privacy in Electronic Health Records

    0 ratings

    Malware Analysis (AX series) products provide a secure environment to test, replay, characterize, and document advanced malicious activities. Malware Analysis shows the cyber attack lifecycle, from the initial exploit and malware execution path to callback destinations and follow-on binary download attempts.

    0 ratings

    Imperva Attack Analytics correlates and distills thousands of security events into a few readable security narratives. The solution employs artificial intelligence and machine learning to simplify application security event investigations, enabling IT organizations to mitigate and respond to real threats quickly and decisively.

    0 ratings

    0 ratings

    Phonexia Voice Inspector is an out-of-the-box solution that enables police forces and forensic experts with a highly accurate forensic voice comparison tool to support effective criminal investigations and give evidence in court. It uses the cutting-edge Phonexia Voice Biometrics technology powered by deep neural networks, providing exceptional accuracy. You can automatically compare the subject’s voice, use recordings of any language, and present the results quickly with predefined reports.

    0 ratings

    IT Security Search is a Google-like, IT search engine that enables IT administrators and security teams to quickly respond to security incidents and analyze event forensics. The tool's web-based interface correlates disparate IT data from many Quest security and compliance solutions into a single console and makes it easier than ever to: - Reduce the complexity of searching, analyzing and maintaining critical IT data scattered across information silos - Speed security investigations and complia

    0 ratings

    LogLogic Log Management Intelligence helps unlock value from all this data whether it's generated physically, virtually, on-site, or in the cloud. You can store all your log data in a centralized and secure place, leverage it to attain actionable information, deliver it to a TIBCO or third-party application for analysis, and archive it for future search or forensic investigations.

    0 ratings

    The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT). Xplico is released under the GNU General Public License.