Tag Archives: Forensics

USN Analytics – Tool to Analyze USN Journal

USN Analytics is a tool that specializes in USN Journal ($UsnJrnl:$J) analysis. The USN journal is an internal system list of the NTFS file system

Stinger – Utility to Detect and Remove Specific Malware

McAfee Stinger is a standalone utility used to detect and remove specific viruses. It is not a substitute for full antivirus protection, but a specialized tool to assist administrators and users when dealing with an infected system.

LNAV – Advanced Terminal Log File Viewer

LNAV, the Logfile Navigator, is an enhanced log file viewer that takes advantage of any semantic information that can be gleaned

TuxResponse – Linux Incident Response

TuxResponse is an incident response script for Linux systems written in bash. It can automate incident response activities on Linux systems

sbag – TZWorks Windows ShellBag Parser

sbag is a Windows registry parser that targets the Shellbag subkeys to pull useful directory and file artifacts to help identify user activity.

RegistryChangesView – Tool to Identify Registry Modification

RegistryChangesView is a tool for Windows that allows you to take a snapshot of the Windows Registry and later compare it with another Registry snapshot

JP – TZWorks Windows Journal Parser

JP is a command line tool that targets NTFS change log journals. The change journal is a component of NTFS that will, when enabled