- grr – GRR Rapid Response is an incident response framework focused on remote live forensics.
- Volatility – Python based memory extraction and analysis framework.
- mig – MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.
- ir-rescue – ir-rescue is a Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
- Logdissect – CLI utility and Python API for analyzing log files and other data.
- Meerkat – PowerShell-based Windows artifact collection for threat hunting and incident response.
- LiME – Linux Memory Extractor