A suspicious attachment needs a first pass. Firmware needs a careful look. A binary puzzle needs structure, strings and entropy in one place — not scattered across six terminals. Leviathan gathers the whole forensic kit into a dedicated activity-bar view and a right-click toolbox on any file in the Explorer.
One click
Dozens
Case exports
Inspect the bytes
A hex editor for close reading, plus fast overviews: hashes, entropy, strings, timestamps and metadata at a glance.
Find what matters
Hunt for IOCs and interesting patterns. Run single searches or multi-searches across the whole binary.
Spot the difference
Two files look similar — Leviathan shows you exactly where they part ways, and carves data out of larger blobs.
Go deeper
Structures, disassembly, keys, patches and transforms — with views for PDF, SquashFS, spectrograms and steganography checks.
Load a binary, pick the analysis view you need, and follow the clues. When you're done, export the case so the trail is kept together rather than lost in scrollback.
— A suspicious attachment lands and needs a first pass before anyone touches it.
— Firmware needs a careful, methodical look.
— A binary puzzle needs structure, strings and entropy side by side.
— You want forensic tools in the editor instead of scattered across terminals.
Purposeful, dense, and a little dramatic in the best way: a proper workbench for byte-level investigation.
Install it and start digging.
Leviathan Forensics is on the Visual Studio Marketplace. The same toolkit also runs entirely in the browser at leviathan.dixon.cx — over twenty tools, no upload.
Install from MarketplaceA format it should handle, but doesn't?
Suggestions for new parsers, views or analyses are always welcome — tell me what you're up against.
Send me a message →