504ENSICS Labs has been the creative force behind several digital forensics tools. Here we make it easy to find more information on our creative endeavors and download them for your own use.

Spotlight Inspector (SI)

SI is a free application for computer forensic investigation of Mac OS X computers. Until now, there has never been an effective cross-platform forensics tool for accessing Spotlight internal data from Mac OS X systems, which is where forensic investigators can access all of the information about files indexed on a computer. Gathering this information is crucial to digital investigators.

Dalvik Inspector (DI)

DI is a free, cross-platform GUI tool for analysis of Dalvik-level objects from dumps of physical RAM from Android devices. RAM dumps can be acquired using LiME, and parsing makes use of the Volatility Framework.

Differential Analysis of Malware in Memory (DAMM)

DAMM is a tool for Differential Analysis of Malware in Memory built on top of Volatility. Its main objective is to serve as a test bed for some newer techniques in memory analysis, including performance enhancements via persistent SQLite storage of plugin results (optional); comparing in-memory objects across multiple memory samples, for example processes running in an uninfected sample versus those in an infected sample; data reduction via smart filtering (e.g., on a pid across several plugins); and encoding a set of expert domain knowledge to sniff out indicators of malicious activity, like hidden processes and DLLs, or Windows built-in processes running from the wrong directory. DAMM is free and open source. A walkthrough and more information are available with the download link.

