Squirrel Forensics logo featuring Sleuthy the Squirrel, representing a leading digital forensics and cybersecurity company.

DFIR Applications on The Acorn

The Acorn is designed for flexibility, allowing you to install your own open‑source forensic tools and write custom scripts. Whether you need advanced log analysis, forensic imaging, or tailored workflows, the Acorn adapts to your requirements empowering professionals with a truly customisable and powerful digital forensic workstation.

It also includes our proprietary USB write-blocker and a carefully curated selection of over 50 open-source applications that support and enhance every stage of the DFIR process from evidence acquisition to analysis and reporting.

Featured Pre-Installed Forensic Applications

Device Manager & Disk Layout (Built‐in Proprietary USB Write‐Blocker)

Ensures evidence integrity by allowing examiners to preserve and acquire data without accidental writes. This maintains a clear, defensible chain of custody, a critical requirement in forensic investigations.

Guymager for Imaging

A GUI-based forensic imaging tool that creates bit-for-bit copies in E01 or raw formats from /dev/sdc. Supports concurrent imaging and includes integrated verification hashes (MD5/SHA1) for authenticity validation.

Terminal with Hayabusa Alerts

Automates event log analysis to detect anomalies or known malicious patterns in Windows EVTX logs. Runs natively in Ubuntu’s CLI for faster analysis, especially beneficial in large log sets.

DDRescue GUI Interface

Recovers data from damaged media by skipping bad sectors and returning later with additional read attempts. Provides detailed logs of recovered and unrecovered sectors, minimizing data loss.

DDRescueView “Green Map”

Offers a graphical overview of DDRescue operations, displaying recovered vs. unrecoverable sectors. Assists examiners in validating imaging success and assessing the extent of salvaged critical data.

LibreOffice for Forensic Reporting

Enables examiners to create standardised, court-ready forensic reports. Supports multiple formats and offers secure PDF output ensuring compatibility with legal requirements.

VeraCrypt Volume Creation Wizard

Enables the encryption of evidence containers or working directories for secure transport. Provides strong encryption, cross-platform compatibility, and a straightforward wizard interface.

Python for Script Writing

Allows forensic examiners to write and execute custom scripts for automation, log parsing, and advanced analysis within forensic workflows.

Using The Acorn

Write-Blocker Forensic Use Case
Write-Blocker in Action on the acorn - click here >>>
Guymager forensic use case – forensic imaging screenshot
Forensic Imaging on the Acorn - click here >>>
Hayabusa forensic use case on the Acorn
Windows Log Analysis on the Acorn - click here >>>
Screenshot of Autopsy running on the Acorn, displaying forensic plugin selection for pre-processing digital evidence.
Forensic Analysis on the Acorn - click here >>>
Velociraptor forensic use case
Investigating Suspicious Linux Services - click here >>>

Squirrel Forensics Ltd
3rd Floor
86-90 Paul Street
London EC2A 4NE

Information

Contact

  • info@sqfr.uk
Linkedin
Investigators collaborating using Squirrel Forensics tools

© 2025 Squirrel Forensics Ltd. All rights reserved.