v2.0 — Production Ready

Digital Forensics
Redefined.

A next-generation forensic intelligence tool built in Rust.30+ modules · 85+ forensic checks · 4.7 MB binary · Zero dependencies

forensekit v2.0
0+Modules
0+Forensic Checks
6.7MBBinary Size
0External Deps
0Platforms

Why ForenseKit

Forensic investigations need speed, integrity and control

ForenseKit is built for professionals and organizations that need focused forensic collection, clear licensing, and audit-ready outputs without exposing internal methodology.

6.7MB

Lightweight binary

Fast to deploy in controlled environments.

35+

Capability areas

Broad coverage across common investigation domains.

100+

Internal checks

Structured review flow for repeatable investigations.

0

External dependencies

Designed for portability and reduced operational friction.

Flexible licensing for real-world investigationsPersonal, per-case, monthly, annual and enterprise options.

Core Capabilities

Everything you need. Nothing you don't.

Built in Rust

Memory-safe, blazing fast, single static binary. No runtime, no dependencies.

Cross-Platform

Native support for Linux, Windows, and macOS. One tool for every OS.

YAML Configuration

Define custom collection profiles. Target specific artifacts and automate workflows.

Evidence Integrity

Integrity controls, ownership attribution, and audit-ready evidence handling.

Rich Reports

Generates audit-ready outputs for review, reporting and handover.

Anti-Cracking

Multiple protection controls against tampering and misuse.

Date Filtering

Collect artifacts within specific date ranges to focus your investigation.

Lightweight & Fast

4.7MB binary that runs instantly. No bloat, no waiting for indexing.

Workflow

From deployment to court-ready evidence in minutes

STEP 01

Deploy

Drop the 4.7MB binary on any machine. Zero installation.

STEP 02

Configure

Use YAML profiles or run the default full-scan.

STEP 03

Collect

30+ modules, 85+ checks in seconds. All evidence hashed & signed.

STEP 04

Report

HTML/TXT reports + chain of custody + signed TAR.GZ for court.

Capability Map

Broad forensic coverage without exposing the playbook

ForenseKit consolidates multiple forensic domains into a single controlled workflow. The landing page shows scope, not implementation details.

Endpoint & OS Artifacts

Collects relevant operating system and endpoint evidence for investigation context.

User Activity & Applications

Reviews activity traces from common user applications and local usage patterns.

Network & Connectivity

Builds a view of communications, connectivity indicators and network-related artifacts.

Web & Browser Evidence

Extracts browser-related evidence across common browsing environments.

Cloud & Developer Footprints

Identifies relevant cloud, container and development environment traces.

Advanced Evidence Review

Applies specialized analysis routines for complex investigations and suspicious activity.

NEW — Complete+ Plans

System & Application Forensic Audit

Go beyond OS-level forensics. Audit any software system — ERP, billing, accounting, e-commerce, databases — for fraud, manipulation, and compliance violations.

🗄️

Database Integrity

Detect unauthorized modifications, deleted records, and schema tampering

🕐

Timestamp Forensics

Identify backdated entries, clock manipulation, and timeline inconsistencies

💰

Financial Forensics

Benford's Law analysis, duplicate detection, round-number anomalies

👁️

Behavior Analysis

Unusual access patterns, privilege escalation, off-hours activity

📤

Exfiltration Detection

Data leaks, unauthorized exports, suspicious file transfers

💬

Communications Forensics

Email analysis, messaging artifacts, coordination evidence

🔍

Source Code Analysis

Backdoors, hardcoded credentials, suspicious logic changes

📋

Compliance Mapper

Map findings to GDPR, HIPAA, PCI-DSS, SOX frameworks

⚖️

Custody Report

Court-ready chain of custody documentation with Ed25519 signatures

💡 Real-world use case

A company suspects its ERP system was manipulated to hide fraudulent transactions. The auditor connects ForenseKit via USB, selects the ERP system type, and runs 15 specialized modules. In seconds, ForenseKit detects timestamp manipulation, Benford's Law anomalies in financial data, unauthorized database modifications, and suspicious communications — all documented with digital signatures and chain of custody.

Supported system types:

ERP / ManagementWeb ApplicationsDatabasesBilling SystemsAccounting / FinancialE-commerceEmail ServersCustom Applications

Available in Complete and Enterprise plans

Positioning

ForenseKit vs. traditional forensic suites

AreaForenseKitTraditional suites
PricingFlexible per-case, monthly and annual licensingHigh annual commitments and enterprise quoting
DeploymentLightweight controlled binaryLarge installations and heavier environments
CoverageBroad investigation coverage in one workflowCoverage often depends on separate products or add-ons
ReportingAudit-ready outputs with license attributionReporting varies by tool and deployment
License ownershipReports are tied to the registered ownerOwnership controls vary by vendor
DistributionBinary + signed licenseVendor portals, installers and contract workflows

Benchmark

What only ForenseKit offers

Features no other forensic tool combines in a single binary

6.7MB

6.7 MB binary

6.7MB

~30 MB RAM

0

0 dependencies

3

3 platforms

SLA tracking with deadline extensions and audit trail
Cross-case IOC correlation across all investigations
Forensic team management with industry-standard roles
Auto-generated executive summary and remediation checklist
Court-ready and technical report templates
Private analyst workspace (never in evidence packages)
Professional case identification and tracking system
Digitally signed evidence packages with tamper detection
Keyword search with cross-case correlation
Organized case structure by contractor and subject

Pricing

Enterprise power. Accessible pricing.

Pay per case or choose a monthly/annual plan. No hidden fees.

🚀 Launch pricing — limited time offer

Free

Demo

Validate ForenseKit with very limited capabilities. Includes GUI viewer to explore results visually before choosing a paid license.

3 evaluation cases
Very limited capabilities
Basic validation results
GUI viewer included (read-only)
No forensic reports or chain of custody

3 demo cases included

$0

Personal

Starter

Essential forensics for straightforward investigations.

Best for: basic forensic checks and initial investigations

Per casefrom$59
Monthlyfrom$149
Annualfrom$1,190
  • System & OS modules
  • Browser forensics (8 engines)
  • Network analysis
  • Basic reporting (TXT + HTML)
  • SHA-256 evidence hashing
  • Email support
Most Popular

Personal

Professional

Advanced capabilities for complex investigations.

Best for: independent DFIR consultants and recurrent cases

Per casefrom$149
Monthlyfrom$349
Annualfrom$1,790
  • Everything in Starter
  • Dark web & P2P analysis
  • Crypto wallet scanning (11 types)
  • VPN & messaging forensics
  • Cloud forensics (AWS/Azure/GCP)
  • YAML custom profiles
  • Ed25519 digital signatures

Personal

Complete

Full arsenal for the most demanding investigations.

Best for: advanced investigations with maximum coverage

Per casefrom$249
Monthlyfrom$599
Annualfrom$2,990
  • Everything in Professional
  • Pattern scanner (61 rules)
  • Ransomware indicators
  • Supply chain analysis
  • AI model & deepfake detection
  • IoT & mobile forensics
  • Compliance (GDPR/HIPAA)

Personal

CLI vs CLI + GUI

All Personal plans are available in CLI-only or CLI + GUI. Select the modules you need for each case.

CLI

from $59/caseCommand line

Full forensic collection, evidence verification, and signed packages from the terminal.

CLI + GUI

from $99/casePremium

Everything in CLI plus the web-based forensic console: dashboard, case management, search, SLA tracking, and visual evidence review.

All plans allow you to select which modules to run for each case, limited to the modules included in your plan.

Enterprise

All modules included

For organizations that need full forensic coverage under a corporate license.

Per case

Up to 3 named users for the case

$1,499

Buy

Monthly

Up to 5 named users

$2,999

Buy

Annual

Up to 10 named users

$49,999

Contact
  • Full ForenseKit module library
  • Unlimited cases during active period
  • Company + authorized user attribution

Security & Integrity

Evidence integrity is non-negotiable

Paid outputs are delivered as verifiable evidence packages. Reports remain readable, but any post-generation modification invalidates verification.

Verifiable evidence packages

Paid case outputs include integrity metadata so every generated file can be verified after delivery.

License-defined attribution

Report ownership is defined by the signed license: professional name for Personal, organization plus authorized user for Enterprise.

Modification detection

If a TXT, HTML or custody file is changed after generation, package verification fails.

Ready to upgrade your forensics?

Get ForenseKit for your lab or agency.