Tools

It's about the process, not the tool.

 

dfir.training (exhaustive), NIST, About DFIR (curated), and Awesome Hacking (list of lists) are superb resources. Use them. Below are some free tools I've come across in books, on Twitter, or on reddit. This is not an endorsement of any tool. Some aren't designed for forensics, and you can destroy data. Verify and validate tools before operational use.

Content:

  • Basic Cyber Forensics

  • Mobile and Embedded Devices

  • Malware

  • Apple

  • File Systems


Basic Cyber Forensics

Environments

Santoku (mobile) | https://santoku-linux.com/
SIFT | http://digital-forensics.sans.org/community/downloads
REMnux | https://remnux.org/
Kali | https://www.kali.org/downloads/
CERT Toolkit | http://www.certtoolkit.org/site/download-2/
Windows Forensic Environment | http://brettshavers.cc/index.php/brettsblog/tags/tag/winfe
CAINE (live) | http://www.caine-live.net/
PALADIN (live) | https://sumuri.com/product-category/software/sumuri-software/paladin/
Xplico | http://www.xplico.org/download
Python ($5 minimum donation) | http://python-forensics.org/dvd/
nightHawk Response | https://github.com/biggiesmallsAG/nightHawkResponse
DEFT | http://www.deftlinux.net/
Vezir (mobile) | https://github.com/oguzhantopgul/Vezir-Project
CFTT's Federated Testing Forensic Tool Testing Environment | https://www.cftt.nist.gov/federated-testing.html
FLARE VM (malware analysis) | https://github.com/fireeye/flare-vm

Forensic Suites

Autopsy | http://www.sleuthkit.org/autopsy/

Disk Info

Speccy | https://www.piriform.com/speccy
ATATool | http://www.datasynergy.co.uk/products/misc/atatool.aspx
DiskCheckup | http://www.passmark.com/products/diskcheckup.htm

Disk Imaging

FTK Imager | http://accessdata.com/product-download
EnCase Forensic Imager | https://www.guidancesoftware.com/encase-forensic-imager
Magnet Acquire | https://www.magnetforensics.com/magnet-acquire/
OSFClone | http://osforensics.com/tools/create-disk-images.html
ImageUSB | http://www.osforensics.com/tools/write-usb-images.html
dcfldd | http://dcfldd.sourceforge.net/#download
dc3dd | https://sourceforge.net/projects/dc3dd/
Guymager | http://securityblog.gr/3004/guymager-a-free-forensic-imager/
CloneDisk | http://reboot.pro/files/file/24-clonedisk/

Hashing

Hashcalc | http://www.slavasoft.com/hashcalc/
hashdeep | https://github.com/jessek/hashdeep
HashMyFiles | http://www.nirsoft.net/utils/hash_my_files.html
Tom's Hash Explorer | http://www.mannerud.org/software/toms-hash-explorer/

Known File Filtering

OSForensics | http://www.osforensics.com/download.html
NIST | http://www.nsrl.nist.gov/Downloads.htm
AccessData | http://accessdata.com/product-download/digital-forensics/kff-hash-sets

Mounting and Viewing

Arsenal Image Mounter | https://github.com/ArsenalRecon/Arsenal-Image-Mounter
ImDisk Toolkit | http://www.ltr-data.se/opencode.html/#ImDisk
OSFMount | http://www.osforensics.com/tools/mount-disk-images.html
Live View | https://sourceforge.net/projects/liveview/

Windows

ShadowKit | http://www.easymetadata.com/shadowkit/
ShadowExplorer | http://www.shadowexplorer.com/
PancakeViewer | https://github.com/forensicmatt/pancakeviewer
JumpList Explorer | https://ericzimmerman.github.io/
Link Parser | http://www.4discovery.com/our-tools/
lnkanalyzer | http://www.woanware.co.uk/forensics/lnkanalyser.html
Prefetcher | http://sandersonforensics.com/forum/content.php?191-Prefetcher
PrefetchForensics | http://www.woanware.co.uk/forensics/prefetchforensics.html
Windows Prefetch Carver | https://github.com/PoorBillionaire/Windows-Prefetch-Carver
Windows File Analyzer | http://mitec.cz/wfa.html
Event Log Explorer | http://eventlogxp.com/
Triforce Free Edition | https://www.gettriforce.com/product/anjp-free/
Forensic Toolkit | https://www.mcafee.com/uk/downloads/free-tools/forensic-toolkit.aspx
NTFSLinksView | http://www.nirsoft.net/utils/ntfs_links_view.html
LastActivityView | http://www.nirsoft.net/utils/computer_activity_view.html
shimcacheparser | http://www.woanware.co.uk/forensics/shimcacheparser.html
ShimCacheParser | https://github.com/mandiant/ShimCacheParser
GcLinkParser | https://github.com/devgc/GcLinkParser
SrumMonkey | https://github.com/devgc/SrumMonkey
EventMonkey | https://github.com/devgc/EventMonkey

Alternate Data Streams (ADS)

ADS Manager | http://dmitrybrant.com/adsmanager
ADS Locator | http://www.ads-locator.com-about.com/
AlternateStreamView | http://www.nirsoft.net/utils/alternate_data_streams.html
LNS | http://ntsecurity.nu/toolbox/lns/
Streams | https://technet.microsoft.com/en-us/sysinternals/streams.aspx
ADS Spy | https://www.bleepingcomputer.com/download/ads-spy/
Stream Detector | http://www.novirusthanks.org/products/stream-detector/

Windows Registry

RegRipper | https://github.com/keydet89
RegRipperRunner | http://www.woanware.co.uk/forensics/regripperrunner.html
Registry Decoder | https://github.com/504ensicslabs/registrydecoder
Registry Explorer | https://ericzimmerman.github.io/
Registry Viewer | http://accessdata.com/product-download/digital-forensics/registry-viewer-1-8-0-5
Windows Registry Recovery | http://www.mitec.cz/wrr.html
ShellBags Explorer | https://ericzimmerman.github.io/
ShellBagger | http://www.4discovery.com/our-tools/
ShellBagsView | http://www.nirsoft.net/utils/shell_bags_view.html
UserAssistant | http://www.4discovery.com/our-tools/
UserAssist | https://blog.didierstevens.com/programs/userassist/
UserAssist | http://downloadcrew.com/article/23805-userassist
ForensicUserInfo | http://www.woanware.co.uk/forensics/forensicuserinfo.html

USB Forensics

ImageUSB | http://www.osforensics.com/tools/write-usb-images.html
USB Forensic Tracker | http://www.orionforensics.com/w_en_page/USB_forensic_tracker.php
USBDeview | http://www.nirsoft.net/utils/usb_devices_view.html
USB Historian | http://www.4discovery.com/our-tools/
USBDeviceForensics | http://www.woanware.co.uk/forensics/usbdeviceforensics.html
USBTracker | https://github.com/sysinsider/usbtracker
 

Browser Forensics

Web Page Saver | https://www.magnetforensics.com/free-tool-web-page-saver/
Hindsight (Chrome) | https://github.com/obsidianforensics/hindsight
FBCacheView | http://www.nirsoft.net/utils/facebook_cache_viewer.html
Internet History Browser | http://www.mitec.cz/ihb.html
Email History Browser | http://www.mitec.cz/ehb.html
ChromeForensics | http://www.woanware.co.uk/forensics/chromeforensics.html
FireFoxForensics | http://www.woanware.co.uk/forensics/firefoxforensics.html
firefoxsessionextractor | http://www.woanware.co.uk/forensics/firefoxsessionstoreextractor.html
ccl-snss (Chrome) | https://github.com/cclgroupltd/ccl-ssns

Browser History Capturer | https://www.foxtonforensics.com/browser-history-capturer/
Browser History Viewer | https://www.foxtonforensics.com/browser-history-viewer/

Media Forensics

ExifTool | http://www.sno.phy.queensu.ca/~phil/exiftool/
ExifDataView | http://www.nirsoft.net/utils/exif_data_view.html
JPEGsnoop | http://www.impulseadventure.com/photo/jpeg-snoop.html
PhotoView | http://www.mitec.cz/photo.html
Catalina Forensic Audio Software | http://www.forensicav.ro/software.htm
Error Level Comparer | http://socosoftware.com/ELC.html
EXIFextractor | http://www.br-software.com/extracter.html
Video Previewer | http://dfcsc.uri.edu/research/videoPreviewer
FotoForensics | http://fotoforensics.com/
Ghiro | http://www.getghiro.org/ | http://www.imageforensic.org/

Linux

Linux Forensics Tools Repository | https://forensics.cert.org/

Python

Python | https://www.python.org/downloads/
Awesome Python | https://github.com/vinta/awesome-python

Passwords and Encryption

Encrypted Disk Detector | https://www.magnetforensics.com/free-tool-encrypted-disk-detector/
hashcat | https://hashcat.net/hashcat/
Portable Office Rainbow Tables (PORT) | http://accessdata.com/product-download/digital-forensics/portable-office-rainbow-table-port-version-2.0.3
OSForensics Rainbow Tables | http://www.osforensics.com/download.html
BitRocker | https://www.gettriforce.com/product/bitrocker-bitlocker-recovery-key-identifier/

Social

Social Harvest | https://github.com/SocialHarvest/harvester
SkypeLogView | http://www.nirsoft.net/utils/skype_log_view.html
SkypeContactsView | http://www.nirsoft.net/utils/skype_contacts_view.html
Instant Messaging History Browser | http://www.mitec.cz/imhb.html

Analysis

NodeXL | http://nodexl.codeplex.com/
Elastic | https://www.elastic.co/downloads
Timeliner | http://www.woanware.co.uk/forensics/timeliner.html
Timeline Maker | https://www.timelinemaker.com/
Timeline 3D (Mac) | https://www.beedocs.com/timeline3D/mac/
plaso | https://github.com/log2timeline/plaso
TimeSketch | https://github.com/google/timesketch
ElasticHandler | https://github.com/devgc/ElasticHandler

Other

MetaDiver | https://www.easymetadata.com/metadiver-2/
DCode | http://www.digital-detective.net/digital-forensic-software/free-tools/
MetaExtractor | http://www.4discovery.com/our-tools/
DriveDigest | http://www.4discovery.com/our-tools/
DateDecode | http://sandersonforensics.com/forum/content.php?245-DateDecode-a-forensic-tool-to-decode-a-number-as-various-date-formats
Bulk Extractor | http://www.forensicswiki.org/wiki/Bulk_extractor
DFIR Utils | https://github.com/pstirparo/utils
PowerForensics | https://github.com/Invoke-IR/PowerForensics
Yara Forensics | https://github.com/Xumeiquer/yara-forensics

Test Images and Challenges

ForGe | https://github.com/hannuvisti/forge
NIST | http://www.cfreds.nist.gov/
Brian Carrier | http://dftt.sourceforge.net/
Forensic Focus | http://www.forensicfocus.com/images-and-challenges
Ali Hadi | http://www.ashemery.com/dfir.html
dfir.training | http://www.dfir.training/index.php/tools/test-images

Utilities

KeepNote | http://keepnote.org/
Notepad++ | https://notepad-plus-plus.org/
7zip | http://www.7-zip.org/download.html
PuTTY | http://www.putty.org/
Rufus | https://rufus.akeo.ie/
Greenshot | http://getgreenshot.org/



Mobile and Embedded Devices

SAFT | http://www.signalsec.com/saft/
Magnet Acquire | https://www.magnetforensics.com/magnet-acquire/
bandicoot | http://bandicoot.mit.edu/

SQLite Forensics

SQLite Database Browser | http://sqlitebrowser.org/
Firefox SQLite Manager | https://addons.mozilla.org/en-US/firefox/addon/sqlite-manager/
SQLiteDiver | http://www.easymetadata.com/sqlitediver/
SQLite Expert | http://www.sqliteexpert.com/download.html
SQLite Deleted Records Parser | https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases
SQLite Artifact Recovery Framework (SLARF) | https://github.com/sysforensics/SLARF
SQLiteSpy | http://www.yunqa.de/delphi/products/sqlitespy/index
SQLite Unknown Identifier (SQUID) | https://github.com/obsidianforensics/squid
SQLite Query | http://www.mitec.cz/sqliteq.html

Android

Android Studio | https://developer.android.com/studio/index.html
AF Logical OSE | https://github.com/nowsecure/android-forensics/download
Remo Recover for Android | http://www.remosoftware.com/remo-recover-for-android
 

Memory Forensics for Android

Linux Memory Extractor (LiME) | https://github.com/504ensicslabs/lime
AMExtractor | https://github.com/ir193/AMExtractor
DSCRETE | https://www.cs.purdue.edu/homes/bsaltafo/publications/#DSCRETE
RetroScope | https://github.com/ProjectRetroScope/RetroScope

Application Analysis for Android

dex2jar | https://github.com/pxb1988/dex2jar
MARA | https://github.com/xtiankisutsa/MARA_Framework
MobSF | https://github.com/xtiankisutsa/Mobile-Security-Framework-MobSF
SUPER | https://github.com/SUPERAndroidAnalyzer/super
Droid-Hunter | https://github.com/hahwul/droid-hunter
androtools | https://github.com/bunseokbot/androtools

iOS

iTunes | http://www.apple.com/itunes/download/
iExplorer | https://www.macroplant.com/iexplorer/
plist Editor | http://www.icopybot.com/plist-editor.htm
WhatsApp Extractor | http://whatsapp-extractor.en.softonic.com/
iPhone Backup Analyzer 2 | https://github.com/PicciMario/iPhone-Backup-Analyzer-2
iPhone Backup Browser | https://code.google.com/archive/p/iphonebackupbrowser/
iPhone Backup Extractor (Mac OS) | http://supercrazyawesome.com/
iPhone Analyzer | https://sourceforge.net/projects/iphoneanalyzer/
iFunBox | http://www.i-funbox.com/
iBackupBot | http://www.icopybot.com/itunes-backup-manager.htm
iPhoneReader | http://trewmte.blogspot.com/2015/04/free-iphonereader-research-tool.html
Safari Forensic Tools | https://sourceforge.net/projects/jafat/files/
iThmb Converter | http://www.ithmbconverter.com/
iphone-dataprotection | https://github.com/dinosec/iphone-dataprotection
Keychain Dumper (Jailbroken devices) | https://github.com/ptoomey3/Keychain-Dumper
ivMeta | http://www.csitech.co.uk/ivmeta-iphone-metadata/
iStalker (iOS 4.x) | http://evigator.com/free-apps/istalkr
iOS Tracker (iOS 4.x) | http://tom.zickel.org/iostracker/

Application Analysis for iOS

MobSF | https://github.com/xtiankisutsa/Mobile-Security-Framework-MobSF
iSpy | https://github.com/BishopFox/iSpy
Idb | https://github.com/dmayer/idb

Windows Phone

Windows Phone Internals | http://www.wpinternals.net/
Windows Phone Device Manager | http://www.touchxperience.com/windows-phone-device-manager/
Windows Phone SDK | https://developer.microsoft.com/en-us/windows/downloads/sdk-archive

BlackBerry

BlackBerry Link (BB10) | http://us.blackberry.com/software/desktop/blackberry-link.html
BlackBerry Desktop | http://us.blackberry.com/software/desktop.html
BlackBerry Backup Extractor | http://www.blackberryconverter.com/
Rubus | http://www.cclgroupltd.com/product/rubus-ipd-deconstructor/
MagicBerry | http://magicberry.en.lo4d.com/
 

Feature Phones

Flasher Boxes

GPS

Google Earth | https://www.google.com/earth/explore/products/desktop.html
Garmin BaseCamp | http://www.garmin.com/en-US/shop/downloads/basecamp
Google Maps Tile Investigator | https://www.magnetforensics.com/free-tool-google-maps-tile-investigator/
 

Vehicles

RomRaider (Subaru) | http://www.romraider.com/
AVRDUDESS (Atmel microcontrollers) | http://blog.zakkemble.co.uk/avrdudess-a-gui-for-avrdude/
Octane | http://octane.gmu.edu/
Unified Diagnostics Services Simulator | https://github.com/zombieCraig/UDSim/
O2OO | https://www.vanheusden.com/O2OO/
Kayak | http://kayak.2codeornot2code.org/
pyOBD | http://www.obdtester.com/pyobd
Ext2fsd | http://www.ext2fsd.com/



Malware

Sysinternals Suite | https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
Highlighter | https://www.fireeye.com/services/freeware/highlighter.html
Malboxes | https://github.com/GoSecure/malboxes
Python Scripts | https://github.com/tandasat/scripts_for_RE

Incident Response

IRTriage | https://github.com/AJMartel/IRTriage
Pac4Mac | https://github.com/sud0man/pac4mac
The Hive | https://github.com/CERT-BDF/TheHive
Allosaurus | https://www.brimorlabs.com/tools/
GRR Rapid Response | https://github.com/google/grr
Retrieve Interesting Files Tool | https://github.com/chaoticmachinery/fate/tree/master/frac_rift
Windows Forensic Toolchest (WFT) | http://www.foolmoon.net/security/wft/
IRCR | https://sourceforge.net/projects/ircr/
RAPIER | https://code.google.com/archive/p/rapier/
DumpWin | https://www.niiconsulting.com/innovation/security-tools.html
Query User | https://technet.microsoft.com/en-us/library/cc788125(v=ws.10).aspx
Netstat | https://technet.microsoft.com/en-us/library/bb490947.aspx
Arp | https://technet.microsoft.com/en-us/library/cc940107.aspx
Nbtstat | https://technet.microsoft.com/en-us/library/cc940106.aspx
Net Services | https://technet.microsoft.com/en-us/library/bb490949.aspx
PuList | https://support.microsoft.com/en-us/kb/927229
ListModules | http://www.ntsecurity.nu/toolbox/listmodules/
FPort | http://www.mcafee.com/us/downloads/free-tools/fport.aspx
OpenPorts | http://www.majorgeeks.com/files/details/openports.html
CurrPorts | http://www.nirsoft.net/utils/cports.html
TList | https://msdn.microsoft.com/en-us/library/windows/hardware/ff558901(v=vs.85).aspx
ServiWin | http://www.nirsoft.net/utils/serviwin.html
InstalledDriversList | http://www.nirsoft.net/utils/installed_drivers_list.html
OpenFiles | https://technet.microsoft.com/en-us/library/bb490961.aspx
SchTasks | https://technet.microsoft.com/en-us/library/bb490996.aspx
InsideClipboard | http://www.nirsoft.net/utils/inside_clipboard.html
smudge | https://github.com/NickStephens/smudge
dfirtriage | https://github.com/travisfoley/dfirtriage

Memory Acquisition

FTK Imager Lite | http://accessdata.com/product-download/digital-forensics/ftk-imager-lite-version-3.1.1
Magnet RAM Capture | https://www.magnetforensics.com/free-tool-magnet-ram-capture/
Memoryze | https://www.fireeye.com/services/freeware/memoryze.html
Belkasoft RAM Capturer | http://belkasoft.com/ram-capturer
mdd ManTech Physical Memory Dump Utility | http://sourceforge.net/projects/mdd/files/
LiME | https://github.com/504ensicsLabs/LiME
lmg (Linux) | https://github.com/halpomeranz/lmg
LiMDE (Linux) | https://github.com/AJMartel/LiMDE
OSXPmem | https://github.com/google/rekall/tree/master/tools/osx/MacPmem

Memory Analysis

Volatility | http://www.volatilityfoundation.org/
Evolve | https://github.com/JamesHabben/evolve
VolUtility | https://github.com/kevthehermit/VolUtility
VolatilityBot | https://github.com/mkorman90/VolatilityBot
Volatility Workbench | https://www.osforensics.com/tools/volatility-workbench.html
Rekall | http://www.rekall-forensic.com/
Redline | https://www.fireeye.com/services/freeware/redline.html
VolWeb | https://blog.forensec.nl/2013/11/12/new-version-of-volweb/
inVtero.net | http://shanek2.github.io/inVtero.net/
VolDiff | https://github.com/aim4r/VolDiff
Process Dump | https://github.com/glmcdona/Process-Dump
volafox (Mac) | https://github.com/n0fate/volafox

Static Analysis

bstrings | https://github.com/EricZimmerman/bstrings
PEStudio | https://www.winitor.com/binaries.html
PEiD | https://www.aldeid.com/wiki/PEiD
PEView | https://www.aldeid.com/wiki/PEView
Resource Hacker | http://www.angusj.com/resourcehacker/
Dependency Walker | http://www.dependencywalker.com/
YARA | http://virustotal.github.io/yara/
yarGen | https://github.com/Neo23x0/yarGen
TDSAnomalPE | https://github.com/missmalware/TDSAnomalPE
McAfee FileInsight | http://www.mcafee.com/us/downloads/free-tools/fileinsight.aspx
ExeInfo | http://www.nirsoft.net/utils/exeinfo.html
EXE Explorer | http://www.mitec.cz/exe.html
autorunner | http://www.woanware.co.uk/forensics/autorunner.html
PEFrame (Linux) | https://github.com/guelfoweb/peframe
FLOSS | https://github.com/fireeye/flare-floss
ProcDOT | http://www.procdot.com/
pixd | https://github.com/FireyFly/pixd
Didier Stevens | https://blog.didierstevens.com/my-software/
NPE File Analyzer | http://www.novirusthanks.org/products/npe-file-analyzer/
Faster Universal Unpacker (FUU) | https://github.com/crackinglandia/fuu
UPX | https://github.com/upx/upx
UPX Easy GUI | http://www.novirusthanks.org/products/upx-easy-gui/
Kaitai WebIDE | https://kt.pe/kaitai_struct_webide/
binvis.io | http://binvis.io/#/
Ice Buddha | http://icebuddha.com/
BinDiff | https://www.zynamics.com/software.html
UniExtract | https://github.com/Bioruebe/UniExtract2
strings2 | https://github.com/glmcdona/strings2
Function Hacker | https://github.com/glmcdona/FunctionHacker
Automation Forensics Tool (AFOT) | https://github.com/harris21/afot
BinSkim | https://github.com/Microsoft/binskim
Manalyze | https://github.com/JusticeRage/Manalyze
MASTIFF | https://github.com/KoreLogicSecurity/mastiff
FileAlyzer | https://www.safer-networking.org/products/filealyzer/
PPEE (puppy) | https://www.mzrst.com/
Exeinfo | http://exeinfo.pe.hu/
LordPE | http://www.woodmann.com/collaborative/tools/index.php/LordPE

Dynamic Analysis

RegShot | https://sourceforge.net/projects/regshot/
Binsnitch | https://github.com/NVISO-BE/binsnitch

RegistryChangesView | http://www.nirsoft.net/utils/registry_changes_view.html
ApateDNS | https://www.fireeye.com/services/freeware/apatedns.html
INetSim | http://www.inetsim.org/downloads.html
Malcode Analyst | http://sandsprite.com/iDef/MAP/
DiamondCS Port Explorer | http://www.tucows.com/preview/290619/DiamondCS-Port-Explorer
Fiddler | http://www.telerik.com/fiddler
PE Capture | http://www.novirusthanks.org/products/pe-capture/
WriteProcessMemory Monitor | http://www.novirusthanks.org/products/writeprocessmemory-monitor/
Ring3 API Hook Scanner | http://www.novirusthanks.org/products/ring3-api-hook-scanner/
DLL Explorer | http://www.novirusthanks.org/products/dll-explorer/
Hidden Process Finder | http://www.novirusthanks.org/products/hidden-process-finder/
Malware Monitor | https://github.com/glmcdona/MALM
RemoteWrite Monitor | https://github.com/tandasat/RemoteWriteMonitor
Elevation of Privilege Monitor | https://github.com/tandasat/EopMon
GuardMon | https://github.com/tandasat/GuardMon
MemoryMon | https://github.com/tandasat/MemoryMon
Process Hacker | https://github.com/processhacker2/processhacker2
Manticore | https://github.com/trailofbits/manticore

Disassembly (Advanced Static Analysis)

IDA Pro | https://www.hex-rays.com/products/ida/support/download_freeware.shtml
ODA | https://onlinedisassembler.com/static/home/
PEBrowse | http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html
lida (Linux) | https://sourceforge.net/projects/lida/
diStorm (x86/AMD64) | https://github.com/gdabah/distorm
udis86 (x86/x64) | https://github.com/vmt/udis86
Snowman | https://github.com/yegord/snowman
Radare | http://radare.org/r/
Iaito (Radare GUI) | https://github.com/hteso/iaito
Capstone | http://www.capstone-engine.org/
PLASMA | https://github.com/joelpx/plasma
HT Editor | https://github.com/sebastianbiallas/ht
Medusa | https://github.com/wisk/medusa
ArkDasm (x64) | http://www.arkdasm.com/
ScratchABit | http://www.arkdasm.com/
Binary Ninja | https://binary.ninja/index.html

Debugging (Advanced Dynamic Analysis)

x64dbg | http://x64dbg.com/#start
Immunity Debugger | https://www.immunityinc.com/products/debugger/index.html
WinDbg | https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit
OllyDbg | http://ollydbg.de/

Malicious Documents

PDFMiner | https://github.com/euske/pdfminer

Networking

Wireshark | https://www.wireshark.org/download.html
Network Appliance Forensic Toolkit (Export IPv4 packets) | https://blog.didierstevens.com/programs/network-appliance-forensic-toolkit/
Network Miner | http://www.netresec.com/?page=NetworkMiner
dripcap | https://github.com/dripcap/dripcap