Downloads

Download Arsenal’s Latest Digital Forensics Tools

Please note: Arsenal Image Mounter v3.11.290 and Hibernation Recon v1.2.3.87 introduced adjustments to our licensing system which will require new builds of the rest of our tools. We are in the process of releasing new builds and the licensing system adjustments will be mentioned in each tool's change log.

Arsenal’s Open Source Digital Forensics Tools

Backstage Parser is a Python tool that can be used to parse the contents of Microsoft Office files found in the “\BackstageinAppNavCache” path.

GITHUB

CyberGate Keylogger Decryption Tool is a Python tool that can be used against CyberGate encrypted keylogger files to decode the cipher text and return the original plaintext that was captured by the Remote Access Trojan (RAT).

GITHUB

Gmail URL Decoder is a Python tool that can be used against plaintext or arbitrary raw data files in order to find, extract, and decode information from Gmail URLs related to both the new and legacy Gmail interfaces.

GITHUB

NetWire Log Decoder is an AutoIt tool that carves and parses (a/k/a scans, filters, and decodes) NetWire log data from files or devices. NetWire versions 1.6 and 1.7, on Windows and Linux, have been tested.

GITHUB

Sdba Parser is an AutoIt tool that carves and parses Sdba memory pool tags (produced by Windows 7) from any input file. Sdba memory pool tags contain executable file paths and NTFS last written timestamps (at time of execution).

GITHUB

NwStacks is an AutoIt tool that assists with NetWire stack analysis. This tool (and other information on its GitHub project) is associated with the article "Forensic Analysis of the NetWire Stack" in Digital Forensics Magazine Issue 52.

GITHUB

Join the List

Arm yourself with updates about Arsenal tools, training, and research. Our mailing list is double opt-in so you will need to check your email and confirm your subscription before receiving our mailings.