So you have been breached? Okay, cool off and get your hands on the most useful tools. Why? Because now all you need to do is find out what is out in the open and what is not. Then you can decide how bad the breach is, and if you collect good evidence, you have a chance to win. Moreover, once your customers can be alerted to the exact loss, the loss is mostly not as brutal.
We'll stick to the main focus areas we described for skill sets in IR teams.
Note:
- Tools are platform dependent, e.g. OS dependent (Windows vs. Linux)
- Most of the list will be free, open source, or both
- High coverage of Windows tools, less for other OSes (e.g. Linux, Mac)
- Most free software is offered as download at your own risk; a careful check is recommended
Major Areas Of Focus:
- Incident Response
- Computer Forensics
- Network Security
- Secure Architecture
Incident response tools:
- First Responder's Evidence Disk (FRED)
- Knoppix STD
- Windows FE (Microsoft, free)
- The Coroner's Toolkit (for UNIX)
- MasterKey (Linux)
- ProDiscover (paid; Basic, Forensic and IR editions, ARC Group)
- Oxygen Forensic Suite (Passware)
- Helix (free, Pro, Enterprise and Live versions)
- Forensic Toolkit (FTK) or its international version by AccessData
- Forensic Bridges (Tableau/Guidance Software)
- First Response (Mandiant)
- Investigator Workstation & Lab (Nuix, paid)
- Windows Forensic Toolchest (WFT), paid version (Fool Moon)
Computer forensics tools:
Memory & imaging tools:
- DumpIt
- Guymager
- Volafox (for Mac OS X)
- P2 eXplorer (free and paid Pro versions, Paraben)
- FTK Imager (also for Mac OS, AccessData)
- Tableau Imager (Tableau)
- OSFClone & OSFMount (PassMark Software)
- EnCase Forensic Imager (Guidance Software)
- Redline (Mandiant)
- Live RAM Capturer (Belkasoft)
- Disk2vhd (Microsoft)
- USB Write Blocker (DSi)
- EvidenceMover (Nuix)
Carving:
- PhotoRec
- MFT PictureBox
- Ghiro Digital Image Forensics
- Defraser
File system:
- HMFT
- INDXParse
- AnalyzeMFT
File signature:
- HexBrowser
- File Signature
Analysis:
- PDF Stream Dumper
- OSForensics
- SleuthKit
- RegRipper
- ShellBags Analysis
- Digital Forensics Framework (DFF)
- SANS Investigative Forensic Toolkit (SIFT)
Metadata & passwords:
- Pwdump7
- Ophcrack
- NTPWEdit
- Ntpasswd
- Cain & Abel
- Encryption Analyser (free and two paid versions, Passware)
- InsidePro
- L0phtCrack
- EWF MetaEditor (4Discovery)
Hashes:
- HashMyFiles (NirSoft)
Network security tools:
Network traffic:
- Wireshark
- Nmap
- Security Onion
- WinDump
- NetworkMiner (Netresec)
- RSA Security Analytics freeware (RSA)
- Xplico (NFAT)
- Retina (BeyondTrust)
Email:
- Mail Viewer (MiTeC)
- Kernel OST Viewer or Kernel Outlook PST Viewer (Kernel)
- Email Migration and Email Recovery solutions (Kernel)
- MBOX Viewer (free and paid Pro versions, SysTools)
Secure architecture tools (includes testing tools):
- Mantra (Windows, Linux, Mac; OWASP)
- Metasploit, attack simulator (Rapid7)
This is more an approach to building the architecture from the start. Apart from that, you may use any analysis tool to keep a check. However, tools are temporary, and an insecure architecture will increase your security debt.
Mobile tools will be covered separately, since this is a lot already! Do you use other tools? Share them with us in the comments below.