<b>1. Autopsy - Open source digital forensics platform to analyze hard drives and smart phones</b>
<b>17. Ghiro - Web site screenshots and analysis for forensic investigations</b>
<b>Scalpel - File carver which recovers files based on headers and footers</b>
<b>19. HxD - Hex editor useful for analyzing raw disk and memory dumps</b>
<b>20. TestDisk - Data recovery tool, useful when file systems get corrupted</b>
<b>21. PhotoRec - Recovery tool specifically focused on photos and media files</b>
<b>22. CAINE - Italian GNU/Linux live distribution with many forensics tools</b>
<b>23. Axiom Cyber - Commercial digital forensics and incident response platform</b>
<b>27. Kali Linux - Penetration testing Linux distribution with many useful security tools</b>
<b>28. DEFT - Linux distribution configured specifically for computer forensics</b>
<b>29. Volatility Framework - Advanced memory forensics framework with plugins and APIs</b>
<b>30. PyFlag - Legacy Australian forensic and log analysis GUI platform</b>
<b>31. Plaso (log2timeline) - Extract timestamps from various logs and aggregate them into a timeline</b>
<b>34. Snort - Open source intrusion detection and network monitoring system</b>
<b>35. Tcpdump - Capture and analyze network traffic on Unix-like systems</b>
<b>36. Ngrep - Search within network traffic payloads, like grep for text streams</b>
<b>37. dcfldd - Disk cloning and forensics tool, a version of dd with hashing</b>
<b>Wireshark - Network traffic analyzer useful for network forensics</b>
<b>39. SIFT (SANS) - Ubuntu-based distribution for forensic analysis</b>
<b>40. Paladin - USB image mounted as a virtual drive with write-protection</b>
<b>41. CAINE Live - Self-contained bootable forensic environment</b>
<b>42. XRY (XAMN) - Commercial mobile forensic software to analyze phones</b>
<b>BlackLight - Powerful Windows-based forensics analysis platform</b>
<b>47. Raptor - Validation tool to verify integrity of forensic copies</b>
<b>EnCase Imager - Disk imaging tool from Guidance Software</b>
<b>49. Guymager - Open source disk cloning and imaging tool for Linux</b>
<b>50. Scalpel - File carver recovering files based on header/footer signatures</b>
<b>51. Extundelete - Used to recover deleted files from mountable images</b>
<b>Xplico - Network forensics tool that rebuilds sessions from traffic</b>
<b>Foremost - File carving utility to recover files using header/footer definitions</b>
<b>54. Hunchback - High speed packet capture and transmission tool</b>
<b>Autopsy Tools - Plugins and tools used alongside the Autopsy forensics GUI</b>
<b>60. Live View - Volatile memory analysis tool for Windows systems</b>
<b>LRR - Tool for viewing Windows artifacts including LNK files</b>
<b>65. Amcache Parser - Recovers data from the Windows 10 Amcache.hve artifact file</b>
<b>66. The Hive - Web interface offering querying capabilities for hive files</b>
<b>67. GRR Rapid Response - Incident response framework focused on remote live forensics</b>
<b>71. KAPE - Target acquisition tool focused on enterprise lines of business</b>
<b>USB Write Blocker - Hardware ensuring write protection when imaging USB devices</b>
<b>73. AIL - Network and host monitoring system for identification of intrusions</b>
<b>74. Rifiuti2 - Analyzes Windows Recycle Bin INFO2 files and recovers filenames</b>
<b>75. VolDiff - Compares memory images and highlights differences for analysis</b>
<b>76. WinAudit - Scans Windows systems and reports changes from a baseline</b>
<b>hfind - Carves unallocated space and extracts hidden/deleted data into files</b>
<b>78. Yara - Pattern matching tool aimed at malware researchers</b>
<b>79. Checkm8 - Jailbreaking tool extracting data from passcode-locked iOS devices</b>
<b>80. Olefile - Python package for parsing OLE and Office documents</b>
<b>Pyew - Python tool for static and dynamic malware analysis</b>
<b>E01 Examiner - Software utility for mounting EnCase evidence file formats</b>
<b>USBDeview - Handy Windows tool listing all USB devices ever connected</b>
<b>89. Speedit - Detection and analysis of spyware, keyloggers, trojans, etc.</b>
<b>SniffPass - Sniffs passwords and other sensitive information from a network</b>
<b>91. Nmap - Network scanning and host discovery tool helpful for reconnaissance</b>
<b>OSINT Framework - Gathering publicly available online data regarding targets</b>
<b>Recon-ng - Web based open source reconnaissance framework</b>
<b>OSINT-SPY - Performs extensive reconnaissance using 300+ OSINT data sources</b>
<b>95. Shodan - Search engine for Internet connected devices</b>
<b>96. Maltego - Link analysis and data mining for gathering information</b>
<b>SpiderFoot - OSINT automation tool gathering threat intelligence data</b>
<b>Metagoofil - Extract metadata of public documents from a target website</b>
<b>Rekall - Advanced forensic memory analysis framework powered by Python</b>
<b>Free Security Tools</b>
<b>15. RegRipper - Tool to parse Windows registry files and dig for useful data </b>
<b>WinHex - Hex editor, particularly helpful for low-level analysis of raw data</b>
<b>Extraction Tools:</b>
<b>8. Cellebrite UFED - Commercial mobile forensic software to extract data from phones and tablets </b>
<b>Autopsy - iPhone - Autopsy module that adds iOS analysis functionality</b>
<b>X-Ways Imager - Disk imaging tool to create forensic images, integrated into X-Ways Forensics</b>