DiskTriage
DiskTriage is a free forensic tool used to analyze disk images for potential evidence. It scans disk images to extract deleted files, scan for malware, find hidden data, and build a timeline of system activity.
forensics
disk-analysis
data-recovery
free-tool
DiskTriage: Forensic Tool for Analyzing Disk Images
Free forensic tool used to analyze disk images for potential evidence, extracting deleted files, scanning for malware, finding hidden data, and building a timeline of system activity.
What is DiskTriage?
DiskTriage is a free, portable forensic analysis tool used to analyze disk images like those created by FTK Imager or EnCase. It is designed to automatically scan a disk image and extract key evidence to help investigators quickly determine if a disk image contains relevant data for an investigation.
Some of the key features of DiskTriage include:
- Extracting deleted files and recovering them for analysis
- Scanning for malware or rootkits
- Finding hidden and encrypted data partitions
- Building a timeline of file and system activity
- Hashing files and indexing metadata for filtering and searches
- Supporting common image formats like RAW, AFF, and AD1
DiskTriage produces HTML reports detailing its findings like deleted files, installed programs, file timestamps, file hashes, keyword searches, and more. It has an intuitive graphical interface but also supports command line usage for automation.
While it does not replace a full forensic investigation and analysis, DiskTriage aims to streamline and speed up the triage process at the early stages of an investigation. With DiskTriage, examiners can quickly spot disks that warrant deeper analysis and discard those that do not.
DiskTriage Features
Features
- Recover deleted files
- Scan disk images for malware
- Find hidden and encrypted data
- Build a timeline of system activity
Pricing
- Free
Pros
Free to use
Easy to use interface
Extracts a variety of file types
Can process multiple disk images
Cons
Limited functionality compared to paid tools
Cannot recover data from physically damaged drives
Lacks support for newer file systems
Official Links
The Best DiskTriage Alternatives
Top Security & Privacy and Forensics and other similar apps like DiskTriage
Here are some alternatives to DiskTriage:
Suggest an alternative ❐
TreeSize
TreeSize is a powerful disk space manager for Windows that provides an in-depth analysis of disk usage to help free up space. It scans local drives, external drives, network shares and cloud storage to build an interactive tree map visualization that displays the size of folders and files down to...
WinDirStat
WinDirStat is a graphical disk usage utility for Microsoft Windows that allows users to easily visualize disk space usage on their computer's hard drive. Developed as an open source tool, WinDirStat aims to be an alternative to the built-in Windows Explorer disk usage function.When launched, WinDirStat scans the selected drive...
DaisyDisk
DaisyDisk is a popular disk space analyzer and cleanup utility designed specifically for Mac. It provides a visual overview of the files and folders taking up space on your hard drives, making it easy to see what is using up capacity so you can free up more space.When launched, DaisyDisk...
WizTree
WizTree is a powerful disk space analyzer and cleanup tool for Windows. It provides ultra-fast scanning of hard drives to give you a complete visualization of disk usage broken down by file types, folders, and drive usage. Key features of WizTree include:Very fast scanning and analysis - it can scan...
Baobab Disk Usage Analyzer
Baobab is a graphical disk usage analyzer for Linux designed to help users understand what is taking up space on their hard drives or folders. It features an intuitive tree map visualization that allows you to easily identify large files and folders, making it simple to free up space by...
GrandPerspective
GrandPerspective is a free and open source disk space analyzer application designed specifically for the macOS operating system. It provides users with a graphical visualization of what files and folders are taking up space on their hard drives.One of the key features of GrandPerspective is its use of treemap layouts....
DiskUsage
DiskUsage is a free, open-source disk space analyzer for Windows. It provides an interactive, zoomable map of concentric, segmented rings representing your disk usage that allows you to easily visualize the breakdown of disk space usage on your drives.Some key features of DiskUsage include:Color-coded visual map of disk usage -...
JDiskReport
JDiskReport is a free, open-source disk space usage visualization tool for Windows. It provides users with an intuitive tree map or sunburst chart visualizing folder sizes on local, network, or external drives.Some key features of JDiskReport include:Tree map and sunburst chart graphs for easy visualization of disk usageSupport for local...
Filelight
Filelight is an open source application that provides visual disk usage analysis for Linux systems. It enables users to interactively browse their file system and see the accumulated size of folders in colored segments. This makes it easy to identify folders that are taking up large amounts of disk space.Some...
SquirrelDisk
SquirrelDisk is a free open source desktop application for Windows that enables users to create encrypted virtual disk drives to securely store sensitive files and folders. It utilizes the industry standard AES encryption algorithm with 256-bit keys to protect data from unauthorized access.Some key features of SquirrelDisk include:Ability to create...
RidNacs
RidNacs is a database management software that provides an alternative to Microsoft Access with more simplicity and ease-of-use. Developed as an open-source project, RidNacs aims to deliver core database functionality without the complexities and steep learning curve often associated with Access.Some key features of RidNacs include:Intuitive graphical interface for designing...
