Welcome to the Forensics Wiki

The Forensics Wiki has transitioned to this new domain and platform; read more about it at Transitioning Forensics Wiki to GitHub.

The Forensics Wiki is an open source website providing information related to digital forensics. The articles on the website cover a wide range of information, from tools used during investigations to papers, people and organizations that contribute to the field.

Please see the community page if you would like to contribute.

Discover Content


To make content discoverable, articles are categorized using tags. Each page on this website is labeled with tags. A page can have one tag or multiple tags depending on its content. Tags are placed at the top of the article.

For example, the Full Disk Encryption article has three tags: Encryption, Disk Encryption and Anti-Forensics. If you click on any one of the tags, it will bring you to all content categorized under that tag.


Tags / Articles

Operating Systems
  • Windows: windows_vista, windows 7, windows 8, windows 10
  • Unix: freebsd, netbsd, openbsd, solaris, aix
  • Mobile OS: android, ios, windows mobile

Tools
  • File Analysis: bless, ghidra, PST File Viewer, hachoir
  • Timeline Analysis: timesketch, Plaso
  • Disk Analysis: sleuthkit, bulk_extractor, fiwalk
  • Network Analysis: snort, tcpdump, nmap

File Formats
  • Archive: zip, tar, gfzip
  • Database: sqlite, olm, Thumbs.db
  • Disk Image: aff, raw image, qcow image format

Articles that need to be expanded

There are a number of articles that could use some love. If you want to help out, please read about contributing.

Contribute to the Forensics Wiki on GitHub

The Forensics Wiki is now on GitHub and accepting content contributions from the community. Please see the community page for instructions if you would like to add or edit content.

For more information about Forensics Wiki on MediaWiki see: