Category Archives: Incident Response

WatchAD – AD Security Intrusion Detection System

WatchAD can detect a variety of known and unknown threats through feature matching, Kerberos protocol analysis, historical behaviour baselines, sensitive-operation monitoring, honeypot accounts and so on.

Attack_monitor – Endpoint detection & Malware analysis software

Attack_monitor is a Python application written to enhance the security monitoring capabilities of Windows 7/2008 (and all later versions) workstations and servers, and to automate dynamic analysis of malware.

Magnet RAM Capture – Tool to Analyze Memory Artifacts

MAGNET RAM Capture is a free imaging tool designed to capture the physical memory of a suspect's computer, allowing investigators to recover and analyze valuable artifacts that are often found only in memory.

PyREBox – Python scriptable Reverse Engineering Sandbox

PyREBox is a Python scriptable Reverse Engineering sandbox. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective.

Webfwlog – Web-Based Firewall Log Analysis and Reporting

Webfwlog is a flexible web-based firewall log analyzer and reporting tool. It supports standard system logs for Linux, FreeBSD, OpenBSD, NetBSD, Solaris, IRIX, OS X, etc.

Network Security Toolkit (NST) – Security Monitoring Toolkit

Network Security Toolkit (NST) is a bootable ISO image (Live DVD) based on Fedora 20 providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.

NTFS Log Tracker – Tool to Parse NTFS Logs

NTFS Log Tracker is a tool that can parse the $LogFile and $UsnJrnl of NTFS. The input to this tool is a file extracted by another tool such as EnCase or WinHex.
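To show what parsing the $UsnJrnl involves, here is an added example (written for this page, not NTFS Log Tracker's own code) that decodes USN_RECORD_V2 entries from an extracted $UsnJrnl:$J stream. The 60-byte record layout, the reason flag values and the FILETIME epoch are from the Windows SDK; the $J sample bytes are constructed in the block itself (the file names, MFT references and timestamps are invented test data), and the `short_lived_files` check is an assumed forensic triage step, not a feature of the tool. The parser skips the sparse zero region that an extracted $J usually starts with and sanity-checks each record length before trusting it.

```python
"""Minimal USN_RECORD_V2 parser for an extracted NTFS $UsnJrnl:$J stream."""
import struct
from datetime import datetime, timedelta, timezone

# USN change-journal reason flags (subset), values from winioctl.h.
USN_REASONS = {
    0x00000001: "DATA_OVERWRITE",
    0x00000002: "DATA_EXTEND",
    0x00000004: "DATA_TRUNCATION",
    0x00000100: "FILE_CREATE",
    0x00000200: "FILE_DELETE",
    0x00000800: "SECURITY_CHANGE",
    0x00001000: "RENAME_OLD_NAME",
    0x00002000: "RENAME_NEW_NAME",
    0x00008000: "BASIC_INFO_CHANGE",
    0x80000000: "CLOSE",
}

# Fixed 60-byte USN_RECORD_V2 header, little-endian:
# RecordLength(4) MajorVersion(2) MinorVersion(2) FileReferenceNumber(8)
# ParentFileReferenceNumber(8) Usn(8) TimeStamp(8) Reason(4) SourceInfo(4)
# SecurityId(4) FileAttributes(4) FileNameLength(2) FileNameOffset(2)
_HDR = struct.Struct("<IHHQQQqIIIIHH")
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_dt(ft):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC."""
    return _FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def dt_to_filetime(dt):
    return int((dt - _FILETIME_EPOCH).total_seconds()) * 10_000_000


def reason_names(reason):
    return [n for bit, n in sorted(USN_REASONS.items()) if reason & bit] or ["0x%08x" % reason]


def parse_usn_records(data):
    """Yield one dict per valid V2 record; stops at the first malformed one."""
    off, n = 0, len(data)
    while off + _HDR.size <= n:
        # $J is sparse: runs of zero bytes precede the live records. Records are
        # 8-byte aligned, so step over padding 8 bytes at a time.
        if data[off:off + 4] == b"\x00\x00\x00\x00":
            off += 8
            continue
        (rec_len, major, _minor, mft_ref, parent_ref, usn, ts, reason, _src,
         _sid, attrs, name_len, name_off) = _HDR.unpack_from(data, off)
        # Sanity checks a parser must apply to carved or corrupt input.
        if rec_len < _HDR.size or rec_len % 8 or off + rec_len > n or major != 2:
            break
        if name_off + name_len > rec_len:
            break
        name = data[off + name_off:off + name_off + name_len].decode("utf-16-le", "replace")
        yield {
            "usn": usn,
            "timestamp": filetime_to_dt(ts),
            "mft_entry": mft_ref & 0xFFFFFFFFFFFF,   # low 48 bits: MFT entry number
            "mft_seq": mft_ref >> 48,                 # high 16 bits: sequence number
            "parent_entry": parent_ref & 0xFFFFFFFFFFFF,
            "reason": reason,
            "reasons": reason_names(reason),
            "attributes": attrs,
            "name": name,
        }
        off += rec_len


def short_lived_files(records):
    """Assumed triage check: files created and later deleted in the same journal.
    Returns (name, created_at, deleted_at) keyed on MFT entry + sequence."""
    created, hits = {}, []
    for r in records:
        key = (r["mft_entry"], r["mft_seq"])
        if r["reason"] & 0x100:
            created[key] = r
        elif r["reason"] & 0x200 and key in created:
            hits.append((r["name"], created[key]["timestamp"], r["timestamp"]))
    return hits


def build_record(usn, ts, mft_ref, parent_ref, reason, attrs, name):
    """Construct a V2 record for test data only (not taken from a real volume)."""
    enc = name.encode("utf-16-le")
    rec_len = (_HDR.size + len(enc) + 7) & ~7          # pad to 8-byte boundary
    hdr = _HDR.pack(rec_len, 2, 0, mft_ref, parent_ref, usn, ts, reason, 0, 0,
                    attrs, len(enc), _HDR.size)
    return (hdr + enc).ljust(rec_len, b"\x00")


# Constructed $J sample: 64 bytes of sparse padding, then four records.
SAMPLE_TS0 = dt_to_filetime(datetime(2020, 1, 1, tzinfo=timezone.utc))
_ROOT = (5 << 48) | 5          # MFT entry 5 (root directory), sequence 5
_DROPPER = (5 << 48) | 0x3F2   # invented entry/sequence for the dropped file
_REPORT = (3 << 48) | 0x41A
SAMPLE_J = b"\x00" * 64 + b"".join([
    build_record(0x40, SAMPLE_TS0, _DROPPER, _ROOT, 0x100, 0x20, "dropper.exe"),
    build_record(0x98, SAMPLE_TS0 + 5 * 10_000_000, _DROPPER, _ROOT, 0x100 | 0x2 | 0x80000000, 0x20, "dropper.exe"),
    build_record(0xF0, SAMPLE_TS0 + 15 * 10_000_000, _DROPPER, _ROOT, 0x200 | 0x80000000, 0x20, "dropper.exe"),
    build_record(0x148, SAMPLE_TS0 + 60 * 10_000_000, _REPORT, _ROOT, 0x1 | 0x80000000, 0x20, "report.docx"),
])

if __name__ == "__main__":
    recs = list(parse_usn_records(SAMPLE_J))
    for r in recs:
        print(r["timestamp"].isoformat(), r["mft_entry"], r["name"], "|".join(r["reasons"]))
    for name, t0, t1 in short_lived_files(recs):
        print("short-lived:", name, "lived", (t1 - t0).total_seconds(), "s")
```

Keying on MFT entry plus sequence number rather than on file name matters: NTFS reuses entry numbers after deletion, and the sequence number is what distinguishes the deleted file from a later one that inherited its slot. The same record layout applies to $J data recovered from unallocated clusters, which is why the length and version checks are done before any field is used.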