Category Archives: Incident Response

NTFS Log Tracker – Tool to Parse NTFS Logs

NTFS Log Tracker is a tool that parses the $LogFile and $UsnJrnl of NTFS. Its input is the raw artifact file extracted from a volume by another tool such as EnCase or WinHex.
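As an added example written for this page (not NTFS Log Tracker's own code), the following is a minimal parser for the $UsnJrnl:$J change journal that such a tool has to handle, following the USN_RECORD_V2 layout documented in the Windows SDK. It skips the zero-filled sparse prefix a raw $J extract starts with, stops on a truncated trailing record instead of misparsing it, splits each file reference number into MFT entry and sequence number, and flags files that were both created and deleted inside the journal window, a pattern worth a look during triage. The sample records, file names and timestamps are constructed in the block, not taken from a real volume.

```python
import struct
from datetime import datetime, timedelta, timezone

# USN_REASON_* flag bits as defined in the Windows SDK (winioctl.h).
USN_REASONS = {
    0x00000001: "DATA_OVERWRITE", 0x00000002: "DATA_EXTEND",
    0x00000004: "DATA_TRUNCATION", 0x00000010: "NAMED_DATA_OVERWRITE",
    0x00000020: "NAMED_DATA_EXTEND", 0x00000040: "NAMED_DATA_TRUNCATION",
    0x00000100: "FILE_CREATE", 0x00000200: "FILE_DELETE",
    0x00000400: "EA_CHANGE", 0x00000800: "SECURITY_CHANGE",
    0x00001000: "RENAME_OLD_NAME", 0x00002000: "RENAME_NEW_NAME",
    0x00004000: "INDEXABLE_CHANGE", 0x00008000: "BASIC_INFO_CHANGE",
    0x00010000: "HARD_LINK_CHANGE", 0x00020000: "COMPRESSION_CHANGE",
    0x00040000: "ENCRYPTION_CHANGE", 0x00080000: "OBJECT_ID_CHANGE",
    0x00100000: "REPARSE_POINT_CHANGE", 0x00200000: "STREAM_CHANGE",
    0x80000000: "CLOSE",
}

# USN_RECORD_V2 fixed header (60 bytes, little-endian): RecordLength, Major,
# Minor, FileReferenceNumber, ParentFileReferenceNumber, Usn, TimeStamp,
# Reason, SourceInfo, SecurityId, FileAttributes, FileNameLength, FileNameOffset.
HEADER = struct.Struct("<IHHQQqqIIIIHH")


def filetime_to_datetime(ft):
    """Windows FILETIME is 100 ns ticks since 1601-01-01 00:00:00 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def decode_reason(flags):
    """Expand the Reason bitmask into flag names, lowest bit first."""
    return [name for bit, name in sorted(USN_REASONS.items()) if flags & bit]


def split_frn(frn):
    """A file reference number is a 48-bit MFT entry plus a 16-bit sequence number."""
    return frn & 0xFFFFFFFFFFFF, frn >> 48


def parse_usn_journal(data):
    """Parse every USN_RECORD_V2 in a raw $UsnJrnl:$J buffer into dicts."""
    records, offset = [], 0
    while offset + HEADER.size <= len(data):
        rec_len = struct.unpack_from("<I", data, offset)[0]
        if rec_len == 0:
            # $J is a sparse stream: its start (and gaps left by journal
            # trimming) is zero-filled. Records are 8-byte aligned, so step by 8.
            offset += 8
            continue
        if rec_len < HEADER.size or offset + rec_len > len(data):
            break  # truncated or corrupt record: stop rather than misparse
        (_, major, _minor, frn, parent, usn, ts, reason, _src, _sid, attrs,
         name_len, name_off) = HEADER.unpack_from(data, offset)
        if major != 2:
            break  # only the V2 layout is handled here
        name = data[offset + name_off:offset + name_off + name_len].decode("utf-16-le")
        entry, seq = split_frn(frn)
        records.append({
            "usn": usn, "timestamp": filetime_to_datetime(ts),
            "mft_entry": entry, "mft_seq": seq, "parent_entry": split_frn(parent)[0],
            "name": name, "reasons": decode_reason(reason), "attributes": attrs,
        })
        offset += rec_len
    return records


def short_lived_files(records):
    """Names of files both created and deleted inside the journal window.
    Keyed on (entry, sequence) because NTFS reuses MFT entries after deletion."""
    names, created, deleted = {}, set(), set()
    for r in records:
        key = (r["mft_entry"], r["mft_seq"])
        names.setdefault(key, r["name"])
        if "FILE_CREATE" in r["reasons"]:
            created.add(key)
        if "FILE_DELETE" in r["reasons"]:
            deleted.add(key)
    return sorted(names[k] for k in created & deleted)


# --- constructed sample input (not a real $J extract) ------------------------
T0 = 132223104000000000          # FILETIME of 2020-01-01 00:00:00 UTC
ROOT = (1 << 48) | 5             # the root directory is MFT entry 5
EVIL = (5 << 48) | 1234          # hypothetical file: MFT entry 1234, sequence 5


def build_record(usn, frn, parent, ft, reason, name):
    """Serialize one USN_RECORD_V2, padded to the 8-byte boundary."""
    enc = name.encode("utf-16-le")
    length = (HEADER.size + len(enc) + 7) & ~7
    hdr = HEADER.pack(length, 2, 0, frn, parent, usn, ft, reason, 0, 0, 0x20,
                      len(enc), HEADER.size)
    return (hdr + enc).ljust(length, b"\x00")


def build_sample_journal():
    """64 zero bytes of sparse prefix, then four records; a record's USN is its offset in $J."""
    events = [
        (EVIL, T0, 0x100, "evil.exe"),                                  # FILE_CREATE
        (EVIL, T0 + 1 * 10**7, 0x2 | 0x100 | 0x80000000, "evil.exe"),  # +1 s: DATA_EXTEND|FILE_CREATE|CLOSE
        (EVIL, T0 + 2 * 10**7, 0x200 | 0x80000000, "evil.exe"),        # +2 s: FILE_DELETE|CLOSE
        ((3 << 48) | 77, T0 + 3 * 10**7, 0x2 | 0x80000000, "notes.txt"),
    ]
    buf = bytearray(b"\x00" * 64)
    for frn, ft, reason, name in events:
        buf += build_record(len(buf), frn, ROOT, ft, reason, name)
    return bytes(buf)


if __name__ == "__main__":
    recs = parse_usn_journal(build_sample_journal())
    for r in recs:
        print(r["timestamp"].isoformat(), r["usn"], r["name"], "|".join(r["reasons"]))
    print("created and deleted within the journal:", short_lived_files(recs))
```

On a real extract, feed `parse_usn_journal` the bytes of the `$Extend\$UsnJrnl:$J` stream as carved by the imaging tool; because $J only holds the most recent part of the journal, absence of an event there is not evidence the event did not happen, and the `CLOSE` record for an operation carries the accumulated reason bits of everything done while the handle was open.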

Ostinato – Network Traffic Generator

Ostinato is a packet generator and network traffic generator with a friendly GUI and a powerful Python API for network test automation. It crafts and sends packets belonging to several streams, with different protocols, at different rates.

TAC – Timeline ActivitiesCache Parser

Microsoft released a Windows 10 update with the capability to show a chronology of actions taken by the user. This new application is called Timeline and is part of Windows Task View. TAC - Timeline ActivitiesCache Parser allows the user to

MIG – Real-time IR and Investigation Platform

Mozilla InvestiGator (MIG) is a platform for performing investigative surgery on remote endpoints.

DFIRtriage – Windows-based Incident Response Tool

DFIRtriage is a tool intended to provide incident responders with rapid host data. Written in Python, the code has been compiled so that Python does not need to be present on the target host.

Internet History Browser – Tool to Review Browsing History

Internet History Browser collects and displays internet browsing history in a comprehensive interface with a powerful filtering engine. You can trace and see all of your (or someone else's) website visits, including date, time and the browser used.

Threat_Note – Lightweight Investigation Notebook

Threat_Note is a web application built to let security researchers add and retrieve indicators related to their research.