Digital Forensics Redefined.
A next-generation forensic intelligence tool built in Rust.
30+ modules · 85+ forensic checks · 4.7 MB binary · Zero dependencies
Why ForenseKit
Forensic investigations need speed, integrity and control
ForenseKit is built for professionals and organizations that need focused forensic collection, clear licensing, and audit-ready outputs without exposing internal methodology.
4.7 MB
Lightweight binary
Fast to deploy in controlled environments.
30+
Capability areas
Broad coverage across common investigation domains.
85+
Internal checks
Structured review flow for repeatable investigations.
0
External dependencies
Designed for portability and reduced operational friction.
Core Capabilities
Everything you need. Nothing you don't.
Built in Rust
Memory-safe, blazing fast, single static binary. No runtime, no dependencies.
Cross-Platform
Native support for Linux, Windows, and macOS. One tool for every OS.
YAML Configuration
Define custom collection profiles. Target specific artifacts and automate workflows.
Evidence Integrity
Integrity controls, ownership attribution, and audit-ready evidence handling.
Rich Reports
Generates audit-ready outputs for review, reporting and handover.
Anti-Cracking
Multiple protection controls against tampering and misuse.
Date Filtering
Collect artifacts within specific date ranges to focus your investigation.
Lightweight & Fast
4.7 MB binary that runs instantly. No bloat, no waiting for indexing.
Workflow
From deployment to court-ready evidence in minutes
Deploy
Drop the 4.7 MB binary on any machine. Zero installation.
Configure
Use YAML profiles or run the default full-scan.
Collect
30+ modules, 85+ checks in seconds. All evidence hashed & signed.
Report
HTML/TXT reports + chain of custody + signed TAR.GZ for court.
Capability Map
Broad forensic coverage without exposing the playbook
ForenseKit consolidates multiple forensic domains into a single controlled workflow. The landing page shows scope, not implementation details.
Endpoint & OS Artifacts
Collects relevant operating system and endpoint evidence for investigation context.
User Activity & Applications
Reviews activity traces from common user applications and local usage patterns.
Network & Connectivity
Builds a view of communications, connectivity indicators and network-related artifacts.
Web & Browser Evidence
Extracts browser-related evidence across common browsing environments.
Cloud & Developer Footprints
Identifies relevant cloud, container and development environment traces.
Advanced Evidence Review
Applies specialized analysis routines for complex investigations and suspicious activity.
Positioning
ForenseKit vs. traditional forensic suites
| Area | ForenseKit | Traditional suites |
|---|---|---|
| Pricing | Flexible per-case, monthly and annual licensing | High annual commitments and enterprise quoting |
| Deployment | Lightweight controlled binary | Large installations and heavier environments |
| Coverage | Broad investigation coverage in one workflow | Coverage often depends on separate products or add-ons |
| Reporting | Audit-ready outputs with license attribution | Reporting varies by tool and deployment |
| License ownership | Reports are tied to the registered owner | Ownership controls vary by vendor |
| Distribution | Binary + signed license | Vendor portals, installers and contract workflows |
Pricing
Enterprise power. Accessible pricing.
Pay per case or choose a monthly/annual plan. No hidden fees.
Free
Free Evaluation
Validate ForenseKit with very limited capabilities. Includes GUI viewer to explore results visually before choosing a paid license.
Personal
Starter
Essential forensics for straightforward investigations.
Best for: basic forensic checks and initial investigations
- System & OS modules
- Browser forensics (8 engines)
- Network analysis
- Basic reporting (TXT + HTML)
- SHA-256 evidence hashing
- Email support
Personal
Professional
Advanced capabilities for complex investigations.
Best for: independent DFIR consultants and recurrent cases
- Everything in Starter
- Dark web & P2P analysis
- Crypto wallet scanning (11 types)
- VPN & messaging forensics
- Cloud forensics (AWS/Azure/GCP)
- YAML custom profiles
- Ed25519 digital signatures
Personal
Complete
Full arsenal for the most demanding investigations.
Best for: advanced investigations with maximum coverage
- Everything in Professional
- Pattern scanner (61 rules)
- Ransomware indicators
- Supply chain analysis
- AI model & deepfake detection
- IoT & mobile forensics
- Compliance (GDPR/HIPAA)
Personal
CLI vs CLI + GUI
All Personal plans are available in CLI-only or CLI + GUI. Select the modules you need for each case.
CLI
Command line
Full forensic collection, evidence verification, and signed packages from the terminal.
CLI + GUI
Premium
Everything in CLI plus the web-based forensic console: dashboard, case management, search, SLA tracking, and visual evidence review.
All plans allow you to select which modules to run for each case, limited to the modules included in your plan.
Enterprise
All modules included
For organizations that need full forensic coverage under a corporate license.
Per case
Up to 3 named users for the case
$2,999
Monthly
Up to 5 named users
$5,999
Annual
Up to 10 named users
$59,990
- Full ForenseKit module library
- Unlimited cases during active period
- Company + authorized user attribution
- No per-module enterprise licensing
Security & Integrity
Evidence integrity is non-negotiable
Paid outputs are delivered as verifiable evidence packages. Reports remain readable, but any post-generation modification invalidates verification.
Verifiable evidence packages
Paid case outputs include integrity metadata so every generated file can be verified after delivery.
License-defined attribution
Report ownership is defined by the signed license: professional name for Personal, organization plus authorized user for Enterprise.
Modification detection
If a TXT, HTML or custody file is changed after generation, package verification fails.