Tools

• Kibana
• Splunk

• Wireshark

• velociraptor
  • remote artefact collection and administration
• iris
  • Collaborative Incident Response Platform
• x_ways
• axiom
• f_Response
• arsenal_image_mounter
• magnet_ram_capture
• exiftool
• sqlite_database_browser
• ost_pst_viewer
• registry_viewer
• regripper
• ghidra

• evtwalk
  • Parse Windows Event Logs

• dissect
  • Analysis of file systems and images
• timelines] * tools like [[plaso, log2timeline, timesketch
• hayabusa
  • Parses windows event logs or sysmon/linux

• memprocfs

• Wireshark
• networkminer
• snort
• zeek
• yaru
  • TZworks, yet another registry utility
• usp
  • TZWorks, USB parser
• sysinternals
  • tcpview, resmon,

• https://threatfox.abuse.ch
• https://bazaar.abuse.ch
• https://thalosintelligence.com
• https://www.virustotal.com

• CyLR
  • Collect artefacts on Win, Linux and MacOS
• UAC
  • Unix Artefacts Collector
• ntfswalk
  • ntfswalk, gena (gui)
• Scripts

* ping_castle

• Volatility