Digital Forensics
Redefined.
A next-generation forensic intelligence tool built in Rust.
30+ modules · 85+ forensic checks · 4.7 MB binary · Zero dependencies
Why ForenseKit
Forensic investigations need
speed, integrity and control
ForenseKit is built for professionals and organizations that need focused forensic collection, clear licensing, and audit-ready outputs without exposing internal methodology.
6.7MB
Lightweight binary
Fast to deploy in controlled environments.
35+
Capability areas
Broad coverage across common investigation domains.
100+
Internal checks
Structured review flow for repeatable investigations.
0
External dependencies
Designed for portability and reduced operational friction.
Core Capabilities
Everything you need. Nothing you don't.
Built in Rust
Memory-safe, blazing fast, single static binary. No runtime, no dependencies.
Cross-Platform
Native support for Linux, Windows, and macOS. One tool for every OS.
YAML Configuration
Define custom collection profiles. Target specific artifacts and automate workflows.
Evidence Integrity
Integrity controls, ownership attribution, and audit-ready evidence handling.
Rich Reports
Generates audit-ready outputs for review, reporting and handover.
Anti-Cracking
Multiple protection controls against tampering and misuse.
Date Filtering
Collect artifacts within specific date ranges to focus your investigation.
Lightweight & Fast
4.7MB binary that runs instantly. No bloat, no waiting for indexing.
Workflow
From deployment to court-ready evidence in minutes
Deploy
Drop the 4.7MB binary on any machine. Zero installation.
Configure
Use YAML profiles or run the default full-scan.
Collect
30+ modules, 85+ checks in seconds. All evidence hashed & signed.
Report
HTML/TXT reports + chain of custody + signed TAR.GZ for court.
Capability Map
Broad forensic coverage without exposing the playbook
ForenseKit consolidates multiple forensic domains into a single controlled workflow. The landing page shows scope, not implementation details.
Endpoint & OS Artifacts
Collects relevant operating system and endpoint evidence for investigation context.
User Activity & Applications
Reviews activity traces from common user applications and local usage patterns.
Network & Connectivity
Builds a view of communications, connectivity indicators and network-related artifacts.
Web & Browser Evidence
Extracts browser-related evidence across common browsing environments.
Cloud & Developer Footprints
Identifies relevant cloud, container and development environment traces.
Advanced Evidence Review
Applies specialized analysis routines for complex investigations and suspicious activity.
System & Application Forensic Audit
Go beyond OS-level forensics. Audit any software system — ERP, billing, accounting, e-commerce, databases — for fraud, manipulation, and compliance violations.
Database Integrity
Detect unauthorized modifications, deleted records, and schema tampering
Timestamp Forensics
Identify backdated entries, clock manipulation, and timeline inconsistencies
Financial Forensics
Benford's Law analysis, duplicate detection, round-number anomalies
Behavior Analysis
Unusual access patterns, privilege escalation, off-hours activity
Exfiltration Detection
Data leaks, unauthorized exports, suspicious file transfers
Communications Forensics
Email analysis, messaging artifacts, coordination evidence
Source Code Analysis
Backdoors, hardcoded credentials, suspicious logic changes
Compliance Mapper
Map findings to GDPR, HIPAA, PCI-DSS, SOX frameworks
Custody Report
Court-ready chain of custody documentation with Ed25519 signatures
💡 Real-world use case
A company suspects its ERP system was manipulated to hide fraudulent transactions. The auditor connects ForenseKit via USB, selects the ERP system type, and runs 15 specialized modules. In seconds, ForenseKit detects timestamp manipulation, Benford's Law anomalies in financial data, unauthorized database modifications, and suspicious communications — all documented with digital signatures and chain of custody.
Supported system types:
Available in Complete and Enterprise plans
Positioning
ForenseKit vs. traditional forensic suites
| Area | ForenseKit | Traditional suites |
|---|---|---|
| Pricing | Flexible per-case, monthly and annual licensing | High annual commitments and enterprise quoting |
| Deployment | Lightweight controlled binary | Large installations and heavier environments |
| Coverage | Broad investigation coverage in one workflow | Coverage often depends on separate products or add-ons |
| Reporting | Audit-ready outputs with license attribution | Reporting varies by tool and deployment |
| License ownership | Reports are tied to the registered owner | Ownership controls vary by vendor |
| Distribution | Binary + signed license | Vendor portals, installers and contract workflows |
Benchmark
What only ForenseKit offers
Features no other forensic tool combines in a single binary
6.7MB
6.7 MB binary
6.7MB
~30 MB RAM
0
0 dependencies
3
3 platforms
Pricing
Enterprise power. Accessible pricing.
Pay per case or choose a monthly/annual plan. No hidden fees.
🚀 Launch pricing — limited time offer
Free
Demo
Validate ForenseKit with very limited capabilities. Includes GUI viewer to explore results visually before choosing a paid license.
3 demo cases included
$0
Personal
Starter
Essential forensics for straightforward investigations.
Best for: basic forensic checks and initial investigations
- System & OS modules
- Browser forensics (8 engines)
- Network analysis
- Basic reporting (TXT + HTML)
- SHA-256 evidence hashing
- Email support
Personal
Professional
Advanced capabilities for complex investigations.
Best for: independent DFIR consultants and recurrent cases
- Everything in Starter
- Dark web & P2P analysis
- Crypto wallet scanning (11 types)
- VPN & messaging forensics
- Cloud forensics (AWS/Azure/GCP)
- YAML custom profiles
- Ed25519 digital signatures
Personal
Complete
Full arsenal for the most demanding investigations.
Best for: advanced investigations with maximum coverage
- Everything in Professional
- Pattern scanner (61 rules)
- Ransomware indicators
- Supply chain analysis
- AI model & deepfake detection
- IoT & mobile forensics
- Compliance (GDPR/HIPAA)
Personal
CLI vs CLI + GUI
All Personal plans are available in CLI-only or CLI + GUI. Select the modules you need for each case.
CLI
from $59/caseCommand lineFull forensic collection, evidence verification, and signed packages from the terminal.
CLI + GUI
from $99/casePremiumEverything in CLI plus the web-based forensic console: dashboard, case management, search, SLA tracking, and visual evidence review.
All plans allow you to select which modules to run for each case, limited to the modules included in your plan.
Enterprise
All modules included
For organizations that need full forensic coverage under a corporate license.
Per case
Up to 3 named users for the case
$1,499
BuyMonthly
Up to 5 named users
$2,999
BuyAnnual
Up to 10 named users
$49,999
Contact- Full ForenseKit module library
- Unlimited cases during active period
- Company + authorized user attribution
Security & Integrity
Evidence integrity is non-negotiable
Paid outputs are delivered as verifiable evidence packages. Reports remain readable, but any post-generation modification invalidates verification.
Verifiable evidence packages
Paid case outputs include integrity metadata so every generated file can be verified after delivery.
License-defined attribution
Report ownership is defined by the signed license: professional name for Personal, organization plus authorized user for Enterprise.
Modification detection
If a TXT, HTML or custody file is changed after generation, package verification fails.