UNCOVER THE INVISIBLE
Windows Digital Forensics and Incident Response (DFIR) Tools
Advanced, lightweight and privacy-first digital forensic tools.
Vortex Forensic provides high-performance utilities for forensic examiners and system administrators. Our tools specialize in Windows artifact analysis, including Prefetch, AmCache, MFT and Registry forensics, designed for speed and privacy during live system triage.
Vortex Forensic is founded on the principle that digital forensic tools should be powerful, transparent and respectful of privacy. In an era where data is often sent to the cloud for analysis, we stand for local processing. Our mission is to help investigators and system administrators uncover the invisible artifacts that reside within the complex structures of the Windows operating system. From tracking application execution history via Prefetch and AmCache to deep-diving into the NTFS Master File Table (MFT), we provide the visibility required for effective Incident Response and Forensic Analysis.
Our toolkit is designed for quick triage with precision, allowing you to uncover the invisible digital footprints left across a system. We offer specialized tools for various forensic needs:
- Vortex Viewer: Universal execution history viewer and process memory extractor.
- Vortex Prefetch: Analysis of Windows Prefetch files (.pf).
- Vortex AmCache: Extracts execution history from the AmCache hive.
- Vortex FAT & Vortex MFT Plus: Tools for deep file system analysis.
- Vortex Web Tools: Online utilities like the CSRSS Analyzer.
Transparency is essential in forensic work. To help you uncover the invisible logic of Windows artifacts, we provide an extensive Technical Repository. This resource covers everything from Windows Artifact Analysis to System Configuration Artifacts. By documenting raw file structures and forensic methodologies, we empower the DFIR community to verify findings from Registry Hive, UserAssist and Shimcache analysis.