Open Source Forensic Tool Categories

 

I have organized the tools into Windows-based and Unix-based categories. Note that many tools can analyze systems from a different platform, so you can use Unix-based tools to analyze a Windows system.

Within each platform category, I have separated the tools by functionality:
  • Bootable Environments: Software that you can use to boot a suspect system into a trusted state.
  • Data Acquisition / IR Tools: Software that you can use to collect data from a suspect system.
  • Media Management Analysis Tools: Software that you can use to examine the data structures that organize media, such as partition tables and disk labels.
  • File System Analysis Tools: Software that you can use to examine a file system or disk image and show the file content and other metadata.
  • Application Analysis Tools: Software that you can use to analyze the file content.
  • Network Analysis Tools: Software that you can use to analyze network packets and traffic. This does not include logs from network devices.