Category Archives: Incident Response
NTFS Log Tracker – Tool to Parse NTFS Logs
NTFS Log Tracker is a tool that can parse $LogFile, $UsnJrnl of NTFS.A input of this tool is sample file extracted by another tool like Encase, Winhex.
Ostinato – Network Traffic Generator
Ostinato is a packet generator and network traffic generator with a friendly GUI. Also a powerful Python API for network test automation. Craft and send packets of several streams with different protocols at different rates.
TAC – Timeline ActivitiesCache Parser
Microsoft released a Windows 10 update with the capability to show a chronology of actions taken by the user. This new application is called Timeline and is part of Windows Task View. TAC - Timeline ActivitiesCache Parser allows user to
MIG – Real-time IR and Investigation Platform
Mozilla Investigator MIG is a platform to perform investigative surgery on remote endpoints.
DFIRtriage – Windows-based Incident Response Tool
DFIRtriage is a tool intended to provide Incident Responders with rapid host data. Written in Python, the code has been compiled to eliminate the dependency of python on the target host.
Internet History Browser – Tool to Review Browsing History
Internet History Browser collects and displays internet browsing history in comprehensive interface with powerful filtering engine. You can trace and see all your (or someone else's) web sites visits including date and time and used browser.
Threat_Note – Lightweight Investigation Notebook
Threat_Note is a web application built to allow security researchers the ability to add and retrieve indicators related to their research.
