Tag Archives: Incident Handling

MIG – Real-time IR and Investigation Platform

Mozilla Investigator (MIG) is a platform for performing investigative surgery on remote endpoints.

Threat_Note – Lightweight Investigation Notebook

Threat_Note is a web application built to let security researchers add and retrieve indicators related to their research.

ProcDOT – Tool to Process Procmon and PCAP Logs

ProcDOT is a tool that processes Sysinternals Process Monitor (Procmon) logfiles and PCAP logs (Windump, Tcpdump) to generate a graph via the GraphViz suite.

HashMyFiles – Calculate MD5/SHA1/CRC32 Files Hashes

HashMyFiles is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files on your system. You can easily copy the MD5/SHA1 hash list to the clipboard, or save it to a text/HTML/XML file.

Event Log Explorer – Windows Event Log Analysis Program

Windows Event Log Explorer is an effective software solution for viewing, analyzing and monitoring events recorded in Microsoft Windows event logs.

Timesketch – Collaborative Forensic Timeline Analysis

Timesketch is an open source tool for collaborative forensic timeline analysis.

DataDump – Dump Segments From Logical Device

DataDump is a free tool which allows you to dump segments of data from an original source image or physical/logical device.