Forensic Tools, Reimagined

A curated suite of next-gen ++ utilities built for PC checkers and digital forensics. Free, fast and constantly improved.

18 tools

Autoruns++

This program is a completely rebuilt and enhanced alternative to Microsoft Sysinternals Autoruns. It monitors USN journal modifications for startup entries, features flawless digital signature verification, and includes intuitive checkboxes to quickly filter out anomalies and pinpoint suspicious files.

detect.ac/tool/Autoruns++

StringExplorer++

String Explorer enables seamless navigation of an executable's complete string data, allowing users to verify compilation dates, analyze entropy, and detect anomalous indicators. Equipped with intuitive filtering checkboxes and direct VirusTotal integration, it streamlines the identification of potentially malicious files.

detect.ac/tool/StringExplorer++

MOSS 2.0

MOSS 2.0 is a complete rewrite of MOSS (Match Observation & Statistical System) built specifically for Rainbow Six Siege. Developed by detect.ac, it provides real-time integrity monitoring during competitive matches to ensure a fair playing environment.

detect.ac/tool/MOSS-2.0

WinPrefetchView++

This enhanced version of WinPrefetchView introduces built-in bypass detections and highlights modified files in pink for easy analysis. In addition to the best signature checks and YARA rules for every file, you now have the flexibility to import and run your own custom YARA rules as well.

detect.ac/tool/WinPrefetchView++

USBDeview++

This enhanced USBDeview maximizes artifact usage, pulling every available device log from multiple different sources, then cross-referencing and compiling them all into one. We compare their IDs against DeviceHunt and other live APIs for instant analysis. It's the ultimate tool for neutralizing DMA threats and USB bypasses by flagging unverified firmware and finding hidden traces of cleaned USB devices. It retains everything you love about the original USBDeview while adding a new high-level forensic depth.

detect.ac/tool/USBDeview++

SavedFilesViewer++

This tool shows you every file saved to disk and cross-references multiple artifacts to get timestamps for when each download occurred. It is completely local and doesn't touch your browser at all, with built-in bypass detections for cleaners attempting a bypass.

detect.ac/tool/SavedFilesViewer++

SRUMExplorer++

This tool comprehensively maps every file path and active service from SRUM (System Resource Usage Monitor), reflecting their network usage (in bytes) and connection timestamps. For deeper analysis, it features automated forensic checks, generic YARA rule matching on all executables, integrated USN journal modification tracking, and more.

detect.ac/tool/SRUMExplorer++

PowerShellParser++

This tool is a new and improved replacement for Hayabusa, offering comprehensive scraping of all PowerShell history artifacts. It features advanced filters and flags designed to streamline the discovery of PowerShell-related bypasses, all while maintaining robust, built-in bypass detections.

detect.ac/tool/PowerShellParser++

PathsParser++

Introducing an enhanced paths parser featuring a streamlined GUI that supports multiple input methods. This improvement includes integrated YARA rule support with the flexibility to add custom rules, alongside a visual USN journal viewer that highlights modifications in pink for rapid analysis.

detect.ac/tool/PathsParser++

MFTExplorer++

This tool gives you a defined view of the $MFT. It identifies suspicious Alternate Data Streams and has accurate filtering for historical file traces. It is an essential tool for PC Checkers needing to verify whether a specific file has ever been present on the system.

detect.ac/tool/MFTExplorer++

KernelLiveDump++

This tool dumps both kernel and user-mode RAM together, has the ability to load external dumps, and compiles the captured strings into a comprehensive, filterable results table. Users can seamlessly toggle between suspicious flagged strings and the full dump via a switch box, with the added flexibility to import custom search strings.

detect.ac/tool/KernelLiveDump++

JournalTrace++

An evolved version of Journaltrace, this tool introduces integrated USN Journal bypass detections and sophisticated filtering by reason, keywords and more. The result is a more reliable, feature-rich environment built specifically for PC Checkers' USN Journal analysis.

detect.ac/tool/JournalTrace++

CrashedFileViewer++

This tool compiles all Windows crash-related artifacts into a single, unified view. It features USN entry highlighting for quick identification of modified crashed files and integrated bypass detection to uncover attempts at log clearing. Additionally, users can extend the tool's detection capabilities by importing custom YARA rules to complement the current built-in rules.

detect.ac/tool/CrashedFileViewer++

BrowsingHistoryView++

This tool consolidates browsing history from across multiple browsers into a single, unified interface. It features an overall filter box, automated flagging for suspicious domain visits, and a VirusTotal link to the site's virus overview, and it provides advanced timestamps to analyse user behaviour and site engagement timing.

detect.ac/tool/BrowsingHistoryView++

BrowserDownloadsView++

This utility consolidates download history from multiple browsers into a single, unified view. It automatically identifies USN Journal modifications associated with downloaded files, highlighting them in pink for rapid review, and integrates a YARA scanning engine that supports both built-in and custom rules.

detect.ac/tool/BrowserDownloadsView++

BamParser++

This utility extracts execution history and timestamps from the Background Activity Monitor (BAM) for all programs. It features an upgraded YARA engine with support for custom rules, visual USN modification flags for files highlighted in pink, and integrated bypass detections to identify attempts at BAM artifact tampering or cleaning.

detect.ac/tool/BamParser++

AmcacheParser++

Introducing a high-performance Amcache parser featuring integrated YARA scanning for suspicious file detection. This version offers full support for custom rule sets, advanced filtering by SHA1 hash or other data, and a one-click VirusTotal integration to view the file's virus flags.

detect.ac/tool/AmcacheParser++