Strings

Easy way to find sequences of printable characters in files

File

Attempt to classify any file

TrID

Utility designed to identify file types from their binary signatures

Exiftool

reading, writing and editing meta information in a wide variety of files

CFF Explorer

Full support for PE32/64, process viewer, .NET, rebuilder, hex, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker

Aircrack-ng

Complete suite to assess WiFi network security (replay attacks, deauth, fakeap and packet injection etc) Cracking: WEP and WPA PSK (WPA 1 and 2)

Creddump

Python tool to extract various credentials and secrets from Windows registry hives

Extundelete

Utility that can recover deleted files from an ext3 or ext4 partition

Malzilla

Explore malicious webpages and view their code with Malzilla

NetworkMiner

Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD)

Shellbags

Cross-platform, open-source shellbag parser of raw Windows Registry hive

Ctf_import

Small library that allows you to run basic functions from stripped binaries cross platform

Jsdetox

Javascript malware analysis tool using static analysis / deobfuscation techniques

JStillery

Advanced JS Deobfuscation via Partial Evaluation

De4js

JavaScript Deobfuscator and Unpacker

Zsteg

Detect stegano-hidden data in PNG & BMP

Raccoon

Offensive Security Tool for Reconnaissance and Information Gathering

Usbrip

Simple forensics tool with command line interface that lets you keep track of USB device artifacts

Hunter.io

Email enumeration tool

Crt.sh

Certificate enumeration tool

Haveibeenpwned

Useful for breach enumeraton

Jsnice

Online tool to make even obfuscated JavaScript code readable

Unfurl

Unfurl takes a URL and expands ("unfurls") it into a directed graph, extracting every bit of information from the URL and exposing the obscured

Gqrx SDR

Gqrx is an open source software defined radio receiver (SDR) Airspy, Funcube Dongles, rtl-sdr, HackRF and USRP devices

SigintOS

SigintOS as the name suggests, SIGINT is an improved Linux distribution for Signal Intelligence. (HackRF, BladeRF, USRP, RTL-SDR)

URH

Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios

Autopsy

Autopsy is the premier end-to-end open source digital forensics platform

LinEnum

Best scripted local Linux enumeration & privilege escalation checks

IPED

Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence

Lynis

Security tool for systems running Linux, macOS, or Unix-based system. Performs an extensive health scan of your systems to support system hardening and compliance testing

Maltego CE

Comprehensive tool for graphical link analyses (OSINT) that offers real-time data mining and information gathering, as well as the representation of this information on a node-based graph

Tcpdump

Powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture

EML Header Analyzer

E-Mail (EML) Header Analyzer can analyze e-mail header lines and print out the Received lines separately and clearly

Robtex

Robtex is used for various kinds of research of IP numbers, Domain names, etc

Walletexplorer

Bitcoin block explorer with address grouping and wallet labeling

Sift-workstation

Collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings. It can match any current incident response and forensic tool suite

FTK Imager

Obtaining forensic images of computer data, without making changes to the original evidence. Works with many file systems and virtual image types

SigDigger

Qt-based digital signal analyzer, using Suscan core and Sigutils DSP library for hackrf and other sdr-rtl dongles

Cardpeek

Cardpeek is a Linux/Windows/Mac OS X tool to read the contents of ISO7816 smart cards. It features a GTK GUI to represent card data in a tree view, and is extendable with a scripting language (LUA)

Nfc-list

nfc-list is part of libnfc and is a basic tool to detect rfid/nfc

CyberChef

The best online tool for analysing and decoding data

VirusTotal

Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community

Checksec.sh

Checksec is a bash script to check the properties of executables (like PIE, RELRO, Canaries, ASLR, Fortify Source)

Cheat-engine

Cheat Engine. A development environment focused on modding. Wont recommend it due to suspicious addsense usage but a good starting point for editing live memory space on windows.

Etherblob-explorer

Search and extract blob files on the Ethereum Blockchain network

Apple Disk Copy

7z x apple-disk-image.dmg

Sherlock

Hunt down social media accounts by username and email across social networks

DumpIt

Windows Utility is used to generate a physical memory dump of Windows machines. It works with both x86 (32-bits) and x64 (64-bits) machines.

Dumpzilla

Dumpzilla application is developed in Python 3.x and has as purpose extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers to be analyzed.

Qemu-img

qemu-img allows you to create, convert and modify images offline. It can handle all image formats supported by QEMU. Raw images, img, iso, vmdk, vdi, vhdx, vpc, vm ware images and qcow + qcow2 + coop.

Vbox-img

vbox-img allows you to create, convert and modify images offline. It can handle all image formats supported by QEMU. Raw images, img, iso, vmdk, vdi, vhdx, vpc, vm ware images and qcow + qcow2 + coop.

MalConfScan

Volatility plugin for extracts configuration data of known malware

Undocker

Go library and command line tool for decomposing docker images.

FireEye Redline

Redline, FireEye's premier free endpoint security tool, provides host investigative capabilities to users to find signs of malicious activity through physical raw memory dump and file analysis

Volatility3

Volatility3 (python3) is the world's most widely used framework for extracting digital artifacts from volatile raw physical memory (RAM) dump and samples. The extraction techniques are performed completely independent of the system being investigated

Volatility

Volatility Framework (python2) - Volatile raw physical memory dump and sample extraction utility framework for volatile storage (RAM)

XorFiles

Raid 5 - restore disks from other raid disks via XOR operation. Note this is just a simple xor between two files.

Xor-files

xor-files -r broken-disk3.img raid-disk1.img raid-disk2.img

Mdadm

mdadm is used to handle software raids on Linux. You can use this tool to create, build, assemble, rebuild, monitor any raid type on Linux. Dont forget the order of the disks is important when trying to assemble an already created raid array etc.