Tag Archives: Incident Handling

USBDeview – Lists Connected USB Devices

USBDeview is a small utility that lists all USB devices that are currently connected to your computer, as well as all USB devices that you previously used.

UserAssistView – Display UserAssist Items

One of the Nirsoft programs that is helpful in incident response is UserAssistView.

DSi USB Write Blocker

The DSi USB Write Blocker utility helps convert a USB stick to read-only mode so that no change or modification is allowed, a step that comes at the end, once all required information has been collected.

LastActivityView – Tool to Review Operating System Activity

LastActivityView is a tool for the Windows operating system that collects information from various sources on a running system and displays a log of actions made by the user and events that occurred on this computer.

SCOT – Sandia Cyber Omni Tracker

The Sandia Cyber Omni Tracker (SCOT) is a cyber security incident response management system and knowledge base. Designed by cyber security incident responders, SCOT provides a new approach to manage security alerts, analyze data for deeper patterns, coordinate team efforts,

nightHawkResponse – Incident Response Framework

nightHawkResponse is a custom-built application for asynchronous forensic data presentation on an Elasticsearch backend. This application is designed to ingest a Mandiant Redline "collections" file and give flexibility in search/stack and tagging.

GetData Forensic Imager – Program to Take Forensic Image

GetData Forensic Imager is a Windows-based program that will acquire, convert, or verify a forensic image in one of the following common forensic file formats.