All Articles

Based on OS

Windows tools:

Specific Tools:

1. Log Parser - 
2. EnCase -
3. ILook(LEO Only) -
4. Paraben -
5. ProDiscover -
6. TCPView -
7. AccessData -
8. COFEE(LEO Only) -
9. WinHex
10. X-Way Forensics/WinHex Pro
11. FileControl-DD etc.
12. Wireshark-Ethereal(packet sniffer)
13. Dsniff-Dug Song

(Read more:  Top 5 Big Data Vulnerability Classes)

Websites & Tools

1. Sysinternals.com
2. Foundstone.com

UNIX:

1. Grep
2. Nmap
3. DEFT-Linux Distribution
4. Can Opener-Abbott systems
5. BlackLight-Blackbag
6. Expert Witness-ASR Data
7. coroner's tool kit( pcat,ils,icat,File,unrm,Lazarus)
8. TCTUtils(bcat,blockcalc,fls,find_file,find_inode,Istat,mac_merge)
9. Autopsy Forensic Browser

Based on Functionality

Imaging tools:

1. FTK Imager
2. Encase Professional
3. Symantec Norton Ghost
4. Power Quest - drive image, drive copy
5. Freeware 'dd' utility
6. Fastbloc (Encase)
7. AVCDEF(Vogon)
8. Caveat

Logs:

1. Event logs(system,security,application,router)
2. specific application log(IIS,SQL Server..)

Memory Collection

1. Dumping event logs(dumpevt.exe,dumpevt.pl)

2. DumpIt

3. Volatility

4. Mandiant RedLine
5. HBGary Responder CE

(Read more:  Cyber Safety in Cars and Medical Devices)

String:

1. Strings.exe
2. Finfo.pl

network tools:

1. WireShark(free tool)

2. NetworkMiner

3. Netwitness Investigator

4. Network Appliance Forensic Toolkit (NAFT)

Carving:

1. PhotoRec
2. Scalpel
3. ParseRS/RipRS

Image Mounting:

1. OSFMount
2. ImDisk
3. FTK Imager
4. vhdtool
5. raw2vmdk
6. LiveView
7. VirtualBox

File system:

1. analyzeMFT
2. INDXParse
3. PDF Tools from Didier Stevens 
4. PDFStreamDumper
5. SWF Mastah

Registry:

1. RegRipper
2. Shellbag Forensics

(Read more:  How to write a great article in less than 30 mins)

password recovery:

1. Ntpwedit
2. Ntpasswd
3. pwdump7
4. SAMInside
5. OphCrack
6. L0phtcrack

based:

Individual Tools

1. Sysinternals Suite

Script Based Tools

1. First Responder's Evidence Disk (FRED)
2. Microsoft COFEE
3. Windows Forensic Toolchest (WFT)
4. RAPIER

Agent Based Tools

1. GRR
2. Mandiant First Response

Note:http://www.forensicswiki.org/wiki/Incident_Response

• Keeping a list of comprehensive tools for the organizational infrastructure and training your team on using them can prove to be very helpful at the time of incidence.
• It is also very important to validate the list of tools is comprehensive and capable of providing coverage to major security areas.
• Maintaining it a form of ROM (eg. CD) is preferable, so they don't get infected in any form. 

Others:

• evidence-dd,mount
• acqusition & reconnaisance-grave-robber,ils,ils2mac,fls-m
• analysis-timelining,AFB,lazarus
• recovery-icat,urnm

References:

http://www.blackhat.com/presentations/bh-asia-02/bh-asia-02-khoo.pdf

http://oreilly.com/catalog/incidentres/chapter/ch07.html

http://windowsir.blogspot.in/p/foss-tools.html

http://www.forensicswiki.org/wiki/Incident_Response