Engineer's Toolset

An exhaustive list of the forensic, recovery, and diagnostic tools pre-installed on the live environment.

Autopsy
Professional digital forensics platform and graphical interface.
Baobab
Graphical directory tree analyzer for disk usage.
Binwalk
Tool for searching binary images for embedded files and executable code.
Chntpw
Utility to overwrite passwords of Windows SAM files and edit Registry.
Cryptsetup
Interface for configuring disk encryption via dm-crypt.
Ddrescue
Data recovery tool that copies data from one file or block device to another.
Dr.Rescue's Handbook
System recovery documentation for engineers and technicians.
E2fsprogs
Standard utilities for creating, fixing, and maintaining ext2/3/4 filesystems.
Ext4magic
Tool to help recover deleted or overwritten files on ext3/4 partitions.
Extundelete
Utility that can recover deleted files from an ext3 or ext4 partition.
Fdisk
Command-line utility for manipulating disk partition tables.
Flashrom
Utility for identifying, reading, writing, verifying and erasing flash chips.
Foremost
Console program to recover files based on their headers, footers, and internal data structures.
Gdisk
Text-mode menu-driven program for creation and manipulation of partition tables.
Glances
Cross-platform system monitoring tool.
Gpart
Guess PC-type hard disk partitions from a ghost of the primary partition table.
GParted
Graphical partition editor for creating, reorganizing, and deleting disk partitions.
Guymager
Forensic imager for media acquisition.
Hdparm
Command-line interface to various kernel interfaces supported by the Linux SATA/PATA/SAS "libata" subsystem.
Htop
Interactive process viewer and system monitor.
Lsof
List Open Files - displays information about files opened by processes.
Magicrescue
Scans a block device for file types it knows how to recover.
Ncdu
NCurses Disk Usage - a disk usage analyzer with an ncurses interface.
Netcat-openbsd
Versatile utility for reading from and writing to network connections.
NVMe-CLI
NVMe management command-line interface.
Nwipe
Program that will securely erase the entire contents of a disk.
Openssh-client
Secure shell client for remote access.
Partclone
Utilities to back up and restore partitions.
Partimage
Linux utility which saves partitions in many formats to an image file.
Rclone
Command-line program to manage files on cloud storage.
Rescuexy Framework
Specialized integrated recovery framework.
Safecopy
Data recovery tool to extract data from source that has hardware errors.
Scalpel
A frugal, high performance file carver.
Scrub
Writes patterns on magnetic media to make data retrieval difficult.
Secure-delete
Tools to securely wipe files, free disk space, swap and memory.
Sleuthkit
Collection of command line tools that allow you to analyze disk images.
Smartmontools
S.M.A.R.T. monitoring tools to control and monitor storage systems.
Strace
Diagnostic, debugging and instructional userspace utility for Linux.
T4rnzy Recovery
User-friendly and easy-to-use recovery set.
Tcpdump
Command-line packet analyzer.
Testdisk
Free data recovery software designed to help recover lost partitions.
Tshark
Network protocol analyzer that lets you capture packet data from a live network.
Unrar-free
Free software version of the non-free unrar utility.
Wipe
Secure file wiping utility.