Tag Archives: DFIR

CurrProcess – Tool to Display Currently Running Processes

The CurrProcess utility is another NirSoft product that you can add to your incident response toolkit.

CrowdResponse – Forensics Data Collection Tool

CrowdResponse is an automated tool that lets you gather system information for incident response and security engagements. The tool may cover Windows-based operating systems or Mac OS X.

Belkasoft RAM Capturer: Volatile Memory Acquisition Tool

Belkasoft Live RAM Capturer is a tiny free forensic tool that reliably extracts the entire contents of a computer's volatile memory, even if protected by an active anti-debugging or anti-dumping system. Separate 32-bit and 64-bit builds are available

Imago Forensics – Tool to Extract Digital Evidences from Images

Imago Forensics is a Python tool that recursively extracts digital evidence from images. This tool is useful throughout a digital forensic investigation. If you need to extract digital evidence and you have a lot of images, through this tool you

CyLR — Live Response Collection Tool

The CyLR tool collects forensic artifacts from hosts with NTFS file systems quickly and securely, and minimizes impact to the host.