// arsenal·Forensics & REAdvancedFOSS

Ghidra/ghee-druh/

NSA's open-source reverse-engineering platform with a strong decompiler.

Forensics & RE

$ ghidra --help

Ghidra

Ghidra logoWikimedia Commons

// what it is

Description

Released by the NSA in 2019 at RSA Conference. Java-based RE platform with disassembler + decompiler across x86, x64, ARM, MIPS, PowerPC, and dozens more. The free alternative to IDA Pro and the modern community standard for RE training.

// use cases

What people use it for

Malware reverse engineering
Firmware analysis
CTF reverse-engineering challenges

// commands

The commands you'll type

Launch GUI

$ ghidraRun

// facts

category: Forensics & RE
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Advanced

// links

// related in Forensics & RE

Forensics & REAdvanced

Volatility

Open-source memory-forensics framework — reads RAM images and reconstructs system state.

FOSS

LIN·WIN·MAC

open entry →

Forensics & REIntermediate

Autopsy

Open-source digital-forensics GUI on top of The Sleuth Kit.

FOSS

LIN·WIN·MAC

open entry →

Forensics & REBeginner

FTK Imager

Exterro's free disk-imaging utility — the de facto standard for forensic disk capture.

Freemium

WIN·MAC

open entry →