Tools
SIEM
Network
IR
Commandline
-
- Parse Windows Event Logs
-
- Analysis of file systems and images
-
- Parses Windows event logs or Sysmon/Linux logs
Windows GUI
-
- TZWorks, yet another registry utility
-
- TZWorks, USB parser
Malware Analysis
https://threatfox.abuse.ch
https://bazaar.abuse.ch
https://thalosintelligence.com
https://www.virustotal.com
Data Collection
-
- Collects artefacts on Windows, Linux and macOS
-
- Unix Artefacts Collector
-
- ntfswalk, gena (GUI)
- Scripts