DFIR Timeline Analysis for macOS — SQLite-backed viewer for CSV, TSV, XLSX, EVTX, Plaso, $MFT, and $J files with built-in process inspection, lateral movement tracking, persistence detection, and VirusTotal enrichment.

A Linux version of Everything Search Engine.

From 2011: Quickly search for files in NTFS volumes parsing the Master File Table (MFT). A decent amount of how NTFS and MFT work was painstakingly reverse-engineered since it's undocumented.

Disk Usage Analyzer & Duplicate File Finder

The All-in-One Forensic Timeline Reconstructor. Seamlessly integrate Audio Forensics with Windows Artifacts. VoxTrace-DFIR automates the collection and correlation of logs, file system activity, and speech evidence into a single professional report.