Digital forensics software is used to investigate and examine IT systems after security incidents or for security-related preventive maintenance. These tools help businesses perform in-depth analysis of IT systems to identify the cause of security incidents, outline vulnerabilities, and assist security teams in facilitating incident response processes. These tools aggregate security information from hardware, network logs, and files to present security professionals with a full picture of the likely causes of security incidents. From there, many tools identify the steps necessary to remediate the vulnerability and update policies and configurations to prevent the situation from arising again.
Companies use these tools after security incidents to identify the cause and root out any flaws or bugs that would allow a repeat scenario. They also use these tools to investigate systems, networks, and software to identify risks and remediate them before an incident occurs. Many of the tools in this category align with incident response software; however, those tools do not have the same in-depth investigative functionality and typically focus more on immediate remediation than granular investigation and preventive maintenance.
To qualify for inclusion in the Digital Forensics category, a product must:
IBM Security QRadar helps security teams accurately detect, understand and prioritize threats that matter most to the business. The solution ingests asset, cloud, network, endpoint, and user data, correlates it against vulnerability information and threat intelligence, and applies advanced analytics to identify and track the most serious threats as they progress through the kill chain. Once a credible threat is identified, AI-powered investigations provide rapid, intelligent insights into the
Cyber Triage™ is an automated incident response software any organization can use to rapidly investigate its endpoints. Cyber Triage investigates the endpoint by pushing the collection tool over the network, collecting relevant data, and analyzing it for malware and suspicious activity. Cyber threats are constantly evolving, and manual incident response can be inconsistent and incomplete. By automating every phase of the endpoint forensics process, Cyber Triage ensures state-of-the-art remediat
As part of the Check Point Zero-Day Protection SandBlast solution, the Threat Extraction capability removes exploitable content, including active content and embedded objects, reconstructs files to eliminate potential threats, and promptly delivers sanitized content to users to maintain business flow.
FireEye Network Security (NX) solutions protect against known and unknown advanced attacks with the signature-less Multi-Vector Virtual Execution (MVX) engine, conventional intrusion prevention system (IPS) and intelligence-driven detection.
X-Ways Forensics is an advanced work environment for computer forensic examiners and our flagship product. Runs under Windows XP/2003/Vista/2008/7/8/8.1/2012/10, 32 Bit/64 Bit, standard/PE/FE. Compared to its competitors, X-Ways Forensics is more efficient to use after a while, by far not as resource-hungry, often runs much faster, finds deleted files and search hits that the competitors will miss, offers many features that the others lack, as a Ge
Magnet Forensics provides a wide range of solutions for law enforcement agencies and corporations to meet the challenges of modern digital investigations: Use Magnet AXIOM Cyber to simplify your corporate investigations. Organizations of all sizes fall victim to cybersecurity threats every day. With an artifacts-first approach and built-in remote collection, Magnet AXIOM Cyber helps you quickly understand what happened so you can safeguard your business in the future. Use this tool for root cau
SmartEvent event management provides full threat visibility with a single view into security risks. Take control and command the security event through real-time forensic and event investigation, compliance, and reporting. Respond to security incidents immediately and gain true network insights. Features include: integrated threat management, single view into security risks, customizable views and reports, full threat visibility, and real-time forensic and event investigation.
Agari Phishing Response™ is the only turnkey solution purpose-built for Microsoft Office 365 to automate the process of phishing incident response, remediation, and breach containment. Agari Phishing Response, using continuous detection and response technology, simplifies and accelerates threat hunting by instantly discovering all email attacks matching newly discovered indicators of compromise (IOCs) across all inboxes. The Agari SOC Network, a cyber intelligence sharing network, provides a c
ACI Case Manager helps banks manage enterprise-wide cases more efficiently; track, control and recover losses; detect patterns; gather intelligence to reduce losses from fraud; and provide peace of mind by ensuring they have the tools required to manage fraud.
With Change Auditor, you get complete, real-time IT auditing, in-depth forensics and comprehensive security monitoring on all key configuration, user and administrator changes for Microsoft Active Directory, Azure AD, Exchange, Office 365, Exchange Online, file servers and more. Change Auditor tracks detailed user activity for logons, authentications and other key services across enterprises to enhance threat detection and security monitoring from a central console.
Cognitech FiA64 is a comprehensive software with analysis tools designed for forensic analysis and authentication of digital images. This extensive toolkit will allow the user to investigate the evidence and detect possible traces of tampering or other types of inconsistencies. FiA64 is used to systematically detect forged/doctored file-based digital image evidence and is able to authenticate and uncover where tampering and modification has taken place in a doctored image. This solution allows the e
Malware Analysis (AX series) products provide a secure environment to test, replay, characterize, and document advanced malicious activities. Malware Analysis shows the cyber attack lifecycle, from the initial exploit and malware execution path to callback destinations and follow-on binary download attempts.
Imperva Attack Analytics correlates and distills thousands of security events into a few readable security narratives. The solution employs artificial intelligence and machine learning to simplify application security event investigations, enabling IT organizations to mitigate and respond to real threats quickly and decisively.
Phonexia Voice Inspector is an out-of-the-box solution that provides police forces and forensic experts with a highly accurate forensic voice comparison tool to support effective criminal investigations and give evidence in court. It uses the cutting-edge Phonexia Voice Biometrics technology powered by deep neural networks, providing exceptional accuracy. You can automatically compare the subject’s voice, use recordings of any language, and present the results quickly with predefined reports.
IT Security Search is a Google-like, IT search engine that enables IT administrators and security teams to quickly respond to security incidents and analyze event forensics. The tool's web-based interface correlates disparate IT data from many Quest security and compliance solutions into a single console and makes it easier than ever to: - Reduce the complexity of searching, analyzing and maintaining critical IT data scattered across information silos - Speed security investigations and complia
LogLogic Log Management Intelligence helps unlock value from all this data whether it's generated physically, virtually, on-site, or in the cloud. You can store all your log data in a centralized and secure place, leverage it to attain actionable information, deliver it to a TIBCO or third-party application for analysis, and archive it for future search or forensic investigations.
The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT). Xplico is released under the GNU General Public License.