Category Archives: Forensics

Xplico – Network Forensic Analysis Tool

Network artifact collection is extremely important when you are looking to investigate a security intrusion reported by external entity such as ISP, CERT or CSIRT. Network evidence may include network logs, network pcap files and the source IP these are

WinPmem – Memory Acquisition Tool

WinPmem can be used to dump memory from windows , linux or MacOS operating systems.

UserAssistView – Display UserAssist Items

One of the programs that will be helpful in the incident response from Nirsoft is UserAssistView.

DSi USB Write Blocker

DSi USB Write Blocker Utility will help into converting the USB stick into read only mode so no change or modification is allowed which comes at the end when all information requirement collected.

OSForensics – Digital Investigation Toolkit

OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data.

CurrProcess – Tool to Display Currently Running Processes

CurrProcess utility is another nirsoft product that you can use among your toolkit for incident response.

Link Parser – Parse Microsoft Shell Link (.lnk) Files

Link Parser will allow you to import LNK files information from a folder and display all required information that include original file path , date of the file access, date of the file modification,