­
Most Important Tools for Incidence Response - All Articles - CISO Platform

Most Important Tools for Incidence Response

Based on OS

Windows tools:

Specific Tools:

  1. Log Parser - 
  2. EnCase -
  3. ILook(LEO Only) -
  4. Paraben -
  5. ProDiscover -
  6. TCPView -
  7. AccessData -
  8. COFEE(LEO Only) -
  9. WinHex
  10. X-Way Forensics/WinHex Pro
  11. FileControl-DD etc.
  12. Wireshark-Ethereal(packet sniffer)
  13. Dsniff-Dug Song

(Read more:  Top 5 Big Data Vulnerability Classes)

Websites & Tools

  1. Sysinternals.com
  2. Foundstone.com

UNIX:

  1. Grep
  2. Nmap
  3. DEFT-Linux Distribution
  4. Can Opener-Abbott systems
  5. BlackLight-Blackbag
  6. Expert Witness-ASR Data
  7. coroner's tool kit( pcat,ils,icat,File,unrm,Lazarus)
  8. TCTUtils(bcat,blockcalc,fls,find_file,find_inode,Istat,mac_merge)
  9. Autopsy Forensic Browser

Based on Functionality

Imaging tools:

  1. FTK Imager
  2. Encase Professional
  3. Symantec Norton Ghost
  4. Power Quest - drive image, drive copy
  5. Freeware 'dd' utility
  6. Fastbloc (Encase)
  7. AVCDEF(Vogon)
  8. Caveat

Logs:

  1. Event logs(system,security,application,router)
  2. specific application log(IIS,SQL Server..)

Memory Collection

  1. Dumping event logs(dumpevt.exe,dumpevt.pl)
  2. DumpIt

  3. Volatility

  4. Mandiant RedLine
  5. HBGary Responder CE

(Read more:  Cyber Safety in Cars and Medical Devices)

String:

  1. Strings.exe
  2. Finfo.pl

network tools:

  1. WireShark(free tool)

  2. NetworkMiner

  3. Netwitness Investigator

  4. Network Appliance Forensic Toolkit (NAFT)

Carving:

  1. PhotoRec
  2. Scalpel
  3. ParseRS/RipRS

Image Mounting:

  1. OSFMount
  2. ImDisk
  3. FTK Imager
  4. vhdtool
  5. raw2vmdk
  6. LiveView
  7. VirtualBox

File system:

  1. analyzeMFT
  2. INDXParse
  3. PDF Tools from Didier Stevens 
  4. PDFStreamDumper
  5. SWF Mastah

Registry:

  1. RegRipper
  2. Shellbag Forensics

(Read more:  How to write a great article in less than 30 mins)

password recovery:

  1. Ntpwedit
  2. Ntpasswd
  3. pwdump7
  4. SAMInside
  5. OphCrack
  6. L0phtcrack

based:

Individual Tools

  1. Sysinternals Suite

Script Based Tools

  1. First Responder's Evidence Disk (FRED)
  2. Microsoft COFEE
  3. Windows Forensic Toolchest (WFT)
  4. RAPIER

Agent Based Tools

  1. GRR
  2. Mandiant First Response

Note:http://www.forensicswiki.org/wiki/Incident_Response

  • Keeping a list of comprehensive tools for the organizational infrastructure and training your team on using them can prove to be very helpful at the time of incidence.
  • It is also very important to validate the list of tools is comprehensive and capable of providing coverage to major security areas.
  • Maintaining it a form of ROM (eg. CD) is preferable, so they don't get infected in any form. 

Others:

  • evidence-dd,mount
  • acqusition & reconnaisance-grave-robber,ils,ils2mac,fls-m
  • analysis-timelining,AFB,lazarus
  • recovery-icat,urnm

References:

http://www.blackhat.com/presentations/bh-asia-02/bh-asia-02-khoo.pdf

http://oreilly.com/catalog/incidentres/chapter/ch07.html

http://windowsir.blogspot.in/p/foss-tools.html

http://www.forensicswiki.org/wiki/Incident_Response

Votes: 0
E-mail me when people leave their comments –

Community Head, CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

CISO Talk (Chennai Chapter) - AI Code Generation Risks: Balancing Innovation and Security

  • Description:

    We’re excited to invite you to an exclusive CISO Talk (Chennai Chapter) on “AI Code Generation Risks: Balancing Innovation and Security” featuring Ramkumar Dilli (Chief Information Officer, Myridius).

    In this session, we’ll explore how security leaders can navigate the risks of AI-generated code, implement secure development guardrails, and strike the right balance between innovation and security. AI…

  • Created by: Biswajit Banerjee
  • Tags: ciso talk

CISO MeetUp: Executive Cocktail Reception @ Black Hat USA , Las Vegas 2025

  • Description:

    We are excited to invite you to the CISO MeetUp: Executive Cocktail Reception if you are there at the Black Hat Conference USA, Las Vegas 2025. This event is organized by EC-Council & FireCompass with CISOPlatform as proud community partner. 

    This evening is designed for Director-level and above cybersecurity professionals to connect, collaborate, and unwind in a relaxed setting. Enjoy…

  • Created by: Biswajit Banerjee
  • Tags: black hat 2025, ciso meetup, cocktail reception, usa events, cybersecurity events, ciso

6 City Playbook Round Table Series (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

  • Description:

    Join us for an exclusive 6-city roundtable series across Delhi, Mumbai, Bangalore, Pune, Chennai, and Kolkata. Curated for top cybersecurity leaders, this series will spotlight proven strategies, real-world insights, and impactful playbooks from the industry’s best.

    Network with peers, exchange ideas, and contribute to shaping the Top 100 Security Playbooks of the year.

    Date : Sept 2025 - Oct 2025

    Venue: Delhi, Mumbai, Bangalore, Pune,…

  • Created by: Biswajit Banerjee