Forensics

Tools

Tool	Description
xxd	Converts binary files to hex dump and vice versa
dd	Low-level utility for copying and converting data
grep	Searches text using regular expressions in files or streams

Nix - Flake environment

flake;Nix

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
{
  description = "Forensic Environment";
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
    }:
    flake-utils.lib.eachDefaultSystem (
      system:
      let
        pkgs = nixpkgs.legacyPackages.${system};
      in
      {
        devShells.default = pkgs.mkShell {
          buildInputs = with pkgs; [
            python313Packages.impacket
            python313Packages.pyshark
            foremost
            networkminer
            scalpel
            volatility3
            volatility2-bin
            veracrypt
            sleuthkit
            bulk_extractor
            firefox_decrypt
            dive
            autopsy
            testdisk
            testdisk-qt
            wireshark
            tshark
          ];
        };
      }
    );
}

Resources

CTF Field Guide - Forensics

Last updated on May 18, 2026