Awesome list of digital forensic tools

Collection of digital forensics tools for verification, investigations, diagnostics and so on. Composed from: Bellingcat's Digital Forensics Tools list https://docs.google.com/document/d/1BfLPJpRtyq4RFtHJoNpvWQjmGnyVkfE2HYoICKOGguA, Forensics Wiki http://www.forensicswiki.org and assorted collections of forensic resources online.

All contributions welcome. Please propose changes using github issue https://github.com/ivbeg/awesome-forensictools/issues or by direct writing pull request.

Table of contents / Содержание

• Collections
• Satellite and mapping services
• Geobased searches
• Documents metadata
• Images, videos and metadata
• Social media
• Transport
• Date and time
• Archiving
• Miscellaneous
• Guides and handbooks
• Data visualization
• Online security and privacy
• List of sources per country

Collections of tools

• OSINT Tools osintframework.com - huge collection of open source intelligence tools

Satellite and mapping services

• Bing Maps, satellite and mapping service, has more recent and sharper imagery than Google in several areas such as Iraq, bing.com/maps
• Date of the Bing imagery? Check: mvexel.dev.openstreetmap.org/bing 
• conversion of coordinates, convert geographic coordinates between different notation styles, synnatschke.de/geo-tools/coordinate-converter.php 
• DigitalGlobe, paid satellite imagery, but preview available for free via the catalogus, browse.digitalglobe.com/imagefinder 
• Geograph, georeferenced images, geograph.org 
• GeoNames, an online database of (various spellings of) locations names, geonames.org
• Google Earth Pro, google.com/earth/download/gep/agree.html 
• Bing Maps satellite imagery layer: ge-map-overlays.appspot.com/bing-maps/aerial 
• Google Maps, maps.google.com 
• HERE WeGo, mapping service which includes more recent satellite imagery from e.g. Iraq, wego.here.com 
• Mapillary, crowdsourced street-level photos, mapillary.com
• OpenStreetCam, crowdsourced street-level photos, openstreetcam.org 
• OpenStreetMap, openstreetmap.org 
• Panoramio, panoramio.com (no longer available)
• Sentinel Playground, apps.sentinel-hub.com/sentinel-playground   
• TerraServer, also a commercial company selling satellite imagery, but previews available: terraserver.com
• Wikimapia, crowdsourced information related to geographic locations, works like Google Maps but possibility to switch between Google, Bing, OSM, etc., wikimapia.org
• Yandex Maps, yandex.ru 

Geobased searches

• ($) Echosec, echosec.net (Instagram, Twitter, VK, Foursquare)
• LiveUAmap, aggregated open source information, liveuamap.com 
• Afghanistan: afghanistan.liveuamap.com 
• Islamic State: isis.liveuamap.com 
• Syria: syria.liveuamap.com 
• Ukraine: ukraine.liveuamap.com 
• Venezuela: venezuela.liveuamap.com
• ($) WarWire, warwire.net (Twitter, Instagram, VK, YouTube)
• Yomapic, yomapic.com

Geobased search on:

• YouTube youtube.github.io/geo-search-tool/search.html
• Twitter insert this is search box: geocode:[coordinates],[radius-km], for example: geocode:36.222285,43.998233,2km (only works with km, so 500m = 0.5km)

Documents metadata

• Hachoir3 [https://github.com/haypo/hachoir3] (https://github.com/haypo/hachoir3). Python library for metadata extraction from binary streams including MS Office documents
• Forensic wiki list of metadata extractors
• Metadata extractor github

Images, videos and metadata

Image and videos tools

• Amnesty YouTube Dataviewer, Reverse image (still of video) search and exact uploading time, amnestyusa.org/sites/default/custom-scripts/citizenevidence
• reverse image search
• Google Reverse Image Search, images.google.com (also available as Chrome and Firefox add-on)
• TinEye, tineye.com 
• Yandex, be aware that sometimes Russia’s Yandex has better results (example than Google’s reverse image search, yandex.com/images 

Photo/video metadata (EXIF and e.t.c.)

• Jeffrey's Image Metadata Viewer, to view the metadata of (online) photos, exif.regex.info/exif.cgi 
• Irfanview, irfanview.com
• Foca. Metadata extraction tool elevenpaths.com
• Goofile. Download and extract metadata
• Splunk and Metadata automation. Splunk
• Foto Forensics,fotoforensics.com        
• Image Forensics, https://29a.ch/photo-forensics/#level-sweep
• InVID, verification plugin to help journalists verify images and videos and debunk fake news, [invid-project.eu]http://www.invid-project.eu/invid-releases-fake-video-news-debunker-firefox-provides-code-open-source-mit-licence/) (plugins for Chrome and Firefox (Windows, Mac OS X, Linux.

Guides

• First Draft News, firstdraftnews.com/resource/visual-verification-guide-photos 

Social media

Multiple social networks

• NacheChk. Same name check over dozens of social networks namechk.com

Facebook

• Facebook Scanner, automatically advanced searched for Facebook profiles, stalkscan.com
• Facebook Search Tool, find accounts by name, email, screen name and phone, netbootcamp.org/facebook.html 
• Lookup-ID, another very complete Facebook search tool, lookup-id.com
• Facebook Graph tips, automatically advanced searches for Facebook profiles, graph.tips 
• Facebook Livemap, live broadcasts around the world, mapped on the world, facebook.com/livemap 
• Facebook Video Downloader Online, for downloading Facebook videos, fbdown.net
• Facebook search tool, advanced search tool for Facebook profiles, http://inteltechniques.com/osint/menu.facebook.html 
• peoplefindThor, advanced search tool for Facebook profiles, peoplefindthor.dk

LinkedIn

• Socilab, allows users to visualise and analyse your own LinkedIn network, socilab.com 

Snapchat

• Snap Map, a searchable map of geotagged snaps, via the mobile application, read here how.

Tumblr

• Tumblr Originals, find posts uploaded by the account, thus excluding reblogs, studiomoh.com/fun/tumblr_originals 

Twitter

• advanced search, twitter.com/search-advanced
• C, tweetbeaver.com/index.php

Geobased searches

• On Twitter, insert this is search box: geocode:[coordinates],[radius-km], for example: geocode:36.222285,43.998233,2km

• Onemilliontweetmap, maps tweets per location up to 6hrs old, and has a keyword search option, onemilliontweetmap.com 

• Union Metrics, find the reach of tweets, tweetreach.com/ 

Advanced Search Operators:

• term1 term2 - tweets with both term1 and term2 in any order (e.g. twitter metrics)
• term1 OR term2 - tweets with either term1 or term2 (e.g. analytics OR metrics)
• “term1 term2” - tweets with the phrase “term1 term2” (e.g. "twitter metrics")
• term1 -term2 - tweets with term1 but not term2 (e.g. twitter -facebook)
• @username - tweets mentioning or RTing a specific user (e.g. @unionmetrics)
• from:username - tweets from a specific Twitter user (e.g. from:unionmetrics)
• since:YYYY-MM-DD - tweets after a specific date in UTC (e.g. since:2017-03-30)
• until:YYYY-MM-DD - tweets before a specific date in UTC (e.g. until:2017-03-30)

YouTube

• Amnesty YouTube Dataviewer, Reverse image (still of video) search and exact uploading time, amnestyusa.org/sites/default/custom-scripts/citizenevidence

Transport

Aircraft

• OpenSky. Free aircraft tracking project opensky-network.org
• ADS-B Exchange Global Radar, which also includes a number of military aircraft, global.adsbexchange.com/VirtualRadar/mobile.html
• Flightradar24, to track (mostly) civilian aircraft currently in the air around the world, archive goes 12 months back but ($),  flightradar24.com
• RadarBox, worldwide coverage, includes private and military jets, radarbox24.com
• FlightView, flightview.com

Boats

• MarineTraffic, marinetraffic.com 
• VesselFinder, vesselfinder.com 
• Fleet Min, fleetmon.com

Trains

• France, full interactive map of the French railway system with live positions of trains, plus accuracy of schedule, raildar.fr/#lat=46.810&lng=6.880&zoom=6
• Germany, full interactive map of current positions of Deutsche Bahn railway network, apps-bahn.de/bin/livemap/query-livemap.exe/dn?L=vs_livefahrplan&livemap  
• Netherlands, full interactive map of the Dutch railway system, including live positions of trains, http://spoorkaart.mwnn.nl 

Misc

• WikiRoutes, public transport database, wikiroutes.info

Date and time

• SunCalc, to make an approximation of the time of the day based on shadows, suncalc.net 
• Weather, wolframalpha.com 

Whois, IP lookups, website analysis

• Censys
• Central Ops, CentralOps
• Certificate search, crt.sh 
• Complete DNS, historical DNS records,completedns.com/dns-history 
• BuildWith. Online database of web technologies used on website buildwith.com
• Domain Tools,DomainTools
• IXMaps,IXMaps
• Network-Tools
• Open Site Explorer

People search

• Peekyou, peekyou.com 
• Pipl, the world largest people search engine, find persons behind an e-mail address, social media username, or phone number, pipl.com
• Yasni, yasni.com
• Zaba Search, only US, zabasearch.com
• publicrecords.searchsystems.net
• cemetery.canadagenweb.org/search.html
• opencorporates.com

Networks

• Robtex
• BGPView to find networks and it's prefixes
• SearchIRC
• Shodan Computer Search
• Utrace
• ViewDNS
• D, research.dnstrails.com
• SpyOnWeb,to retrieve websites by their Trackingcodes, 
• Whois, for domain search and information, whois.net or whois.icann.org

Archiving

• Archive.is, let’s you archive any webpage.

• Let’s say you want to look whether old IS reports were archived, use a Google advanced search: make an <IS search term> justpaste.it site:archive.is and perhaps the site has been archived.

• CachedView.com, Google Cached Pages for any web site. It is the ultimate internet cache.

• Gruber, slideshare downloader, http://grub.cballenar.me/

• Historic Breach Database List, https://publicdbhost.dmca.gripe/random/

• Wayback Machine, which archives websites archive.org/web/web.php 

• Download an entire website from the Wayback Machine, github.com/hartator/wayback-machine-downloader

Miscellaneous

• Check for collaborative fact-checking, checkmedia.org 

• Link to user guide

• Bellingcat’s Check team

• Document Redaction, useful for removing potentially harmful content in Pdfs before viewing, like traceback, github.com/firstlookmedia/pdf-redact-tools

• Geo IP Tool, check your own IP, handy to check if your VPN is working, geoiptool.com

• Google Search Operators, such as searching for a specific filetype (e.g. PDF) or on a specific website, googleguide.com/advanced_operators_ 

• Insecam, network live IP video cameras directory, insecam.org/en/ 

• Knight Lab, make an interactive timeline of events, timeline.knightlab.com 

• LittleSis, a database of who-knows-who at the heights of business and government, littlesis.org

• Lumen, the Lumen database collects and analyses legal complaints and requests for removal of online materials, helping Internet users to know their rights and understand the law. These data enables us to study the prevalence of legal threats and let Internet users see the source of content removals, lumendatabase.org 

• Maltego tool, paterva.com/web7

• Montage for collaborative working, montage.storyful.com

• OpenCorporates, database of companies in the world,         

• People tracer, peopletracer.co.uk 

• Research sidekick Hunch.ly, hunch.ly

• Visual Investigative Scenarios (VIS), a tool, 

• Wolfram Alpha, for any question and a computer-generated answer, wolframalpha.com 

• Zoopla, Search for property with the UK's leading resource. Browse houses and flats for sale and to rent, and find estate agents in any area, zoopla.co.uk 

Guides and handbooks

• Bellingcat’s resources, www.bellingcat.com/category/resources/how-tos, for example:

• Ee, a project by the Tactical Tech Collective,  exposingtheinvisible.org

• Includes multiple guides (website data scraping, Google Dorking etc.), resource links, and examples of successful investigations in various fields

• First Draft News’ resources, some of which have been written by Bellingcat members, firstdraftnews.com/resources, for example:

• How to Get Started in Online Investigations

• The Verification Handbook (PDF) is a great place to go, verificationhandbook.com

Weapons

• Open guide called “Itrace” by Conflict Armament Research, lots of information on different kinds of munitions and weapons presented graphically on a map format, itrace.conflictarm.com 

Data visualization

• DataBasic.io, web tools for beginners that introduce concepts of working with data,  databasic.io/en 
• DataWrapper, easy to use chart and mapping tool, datawrapper.de 
• Google Fusion Tables, fusiontables.google.com  
• Maptia, maptia.com 
• Visual investigative scenarios, vis.occrp.org 
• RAWGraphs, free webtool to quickly visualize your data, app.rawgraphs.io

Online security and privacy

• Check for every digital service you use whether you have enabled two factor authentication (2FA), twofactorauth.org 
• Security in a box guide: https://securityinabox.org/en/ 

Search engines which protect privacy

• DuckDuckGo, Internet search engine, protecting privacy, duckduckgo.com
• Qwant, Internet search engine, protecting privacy, qwant.com 

List of sources per country

Iraq

• Provinces of the so-called Islamic State, umap.openstreetmap.fr

Russia

• SearchFace. Face search services for Vkontakte searchface.ru

OSINT guides

• How to use google and other online instruments to analyze person accounts. Russian language
• How to use social networks API for OSINT purposes

Syria

• Opposition media, see this excellent list compiled by Noor Nahas of multimedia sources from Syrian opposition groups, reddit.com
• Provinces of the so-called Islamic State, umap.openstreetmap.fr