Differences
This shows you the differences between two versions of the page.
| soc:tools:start [2026/06/10 13:07] – titannet | soc:tools:start [2026/06/10 15:04] (current) – titannet | ||
|---|---|---|---|
| Line 6: | Line 6: | ||
| * [[kibana]] | * [[kibana]] | ||
| * [[splunk]] | * [[splunk]] | ||
| - | |||
| ===== Network ===== | ===== Network ===== | ||
| - | [[wireshark]] | + | * [[wireshark]] |
| - | ===== Forensics | + | ===== IR ===== |
| - | * [[X-ways]] | + | * [[velociraptor]] |
| - | * [[Axiom]] | + | * remote artefact collection and administration |
| - | * [[F-Response]] | + | * [[iris]] |
| - | * [[Arsenal Image Mounter]] | + | * Collaborative Incident Response Platform |
| - | * [[Magnet RAM Capture]] | + | * [[x_ways]] |
| - | * [[Exiftool]] | + | * [[axiom]] |
| - | * [[SQLite Database Browser]] | + | * [[f_Response]] |
| - | * [[OST/PST Viewer]] | + | * [[arsenal_image_mounter]] |
| - | * [[Registry Viewer]] | + | * [[magnet_ram_capture]] |
| - | * [[Regripper]] | + | * [[exiftool]] |
| - | * [[Ghidra]] | + | * [[sqlite_database_browser]] |
| + | * [[ost_pst_viewer]] | ||
| + | * [[registry_viewer]] | ||
| + | * [[regripper]] | ||
| + | * [[ghidra]] | ||
| + | |||
| + | ===== Commandline ===== | ||
| + | |||
| + | |||
| + | * [[evtwalk]] | ||
| + | * Parse Windows Event Logs | ||
| + | |||
| + | |||
| + | * [[dissect]] | ||
| + | * Analysis of file systems and images | ||
| + | * [[timelines] | ||
| + | * tools like [[plaso]], [[log2timeline]], | ||
| + | * [[hayabusa]] | ||
| + | * Parses windows event logs or sysmon/linux | ||
| + | |||
| + | |||
| + | ===== Windows GUI ===== | ||
| + | |||
| + | * [[memprocfs]] | ||
| + | |||
| + | * [[wireshark]] | ||
| + | * [[networkminer]] | ||
| + | * [[snort]] | ||
| + | * [[zeek]] | ||
| + | * [[yaru]] | ||
| + | * TZworks, yet another registry utility | ||
| + | * [[usp]] | ||
| + | * TZWorks, USB parser | ||
| + | * [[sysinternals]] | ||
| + | * tcpview, resmon, | ||
| + | |||
| + | |||
| + | ===== Malware Analysis ===== | ||
| + | |||
| + | * [[https:// | ||
| + | * [[https:// | ||
| + | * [[https:// | ||
| + | * [[https:// | ||
| + | |||
| + | |||
| + | ==== Data Collection ==== | ||
| + | |||
| + | * [[CyLR]] | ||
| + | * Collect artefacts on Win, Linux and MacOS | ||
| + | * [[UAC]] | ||
| + | * Unix Artefacts Collector | ||
| + | * [[ntfswalk]] | ||
| + | * ntfswalk, gena (gui) | ||
| + | * Scripts | ||
| + | |||
| + | |||
| + | ==== Active Directory ==== | ||
| + | |||
| + | * [[ping_castle]] | ||
| Line 33: | Line 90: | ||
| * [[volatility]] | * [[volatility]] | ||
| + | |||
| + | ==== Forensics ==== | ||
| + | |||
| + | |||
| + | * | ||
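Review bot: the new `==== Forensics ====` section is added with a single empty bullet (`*` with no text), which renders as a blank list item under the heading; either add the intended entries or leave the heading out until there is content. As with the other new `====` headings in this change, it also sits one level below the `=====` sections above it, so it will appear nested under the preceding section rather than alongside it.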