Tag Archives: Incident Handling

UserAssistView – Display UserAssist Items

One of the programs that will be helpful in the incident response from Nirsoft is UserAssistView.

DSi USB Write Blocker

DSi USB Write Blocker Utility will help into converting the USB stick into read only mode so no change or modification is allowed which comes at the end when all information requirement collected.

LastActivityView – Tool to Review Operating System Activity

LastActivityView is a tool for Windows operating system that collects information from various sources on a running system, and displays a log of actions made by the user and events occurred on this computer.

SCOT – Sandia Cyber Omni Tracker

The Sandia Cyber Omni Tracker (SCOT) is a cyber security incident response management system and knowledge base. Designed by cyber security incident responders, SCOT provides a new approach to manage security alerts, analyze data for deeper patterns, coordinate team efforts,

nightHawkResponse – Incident Response Framework

nightHawkResponse is a custom built application for asynchronus forensic data presentation on an Elasticsearch backend. This application is designed to ingest a Mandiant Redline "collections" file and give flexibility in search/stack and tagging.

GetData Forensic Imager – Program to Take Forensic Image

GetData Forensic Imager is a Windows based program that will acquire, convert, or verify a forensic image in one of the following common forensic file formats.

PSRecon – PowerShell Utility for Real-time Incident Response and Data Acquisition

System administrators count on using PowerShell to solve problems on different windows operating system. This helps to start scheduled tasks or launch commands remotely on thousands of servers using some simple scripts with too much automation. Information security related events