From 0a387d4c2cfc70c48d5e0a868f57f9d9a1811515 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Sun, 22 Nov 2015 15:25:02 +0100 Subject: [PATCH 1/5] Data Collection category added --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2c58795..032cd2b 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ A curated list of tools and resources for security incident response, aimed to h * [SCOT](http://getscot.sandia.gov/) - Sandia Cyber Omni Tracker (SCOT) is an Incident Response collaboration and knowledge capture tool focused on flexibility and ease of use. Our goal is to add value to the incident response process without burdening the user. * [RTIR](https://www.bestpractical.com/rtir/) - Request Tracker for Incident Response (RTIR) is the premier open source incident handling system targeted for computer security teams. We worked with over a dozen CERT and CSIRT teams around the world to help you handle the ever-increasing volume of incident reports. RTIR builds on all the features of Request Tracker. - +### Data Collection ### Other Tools * [Hindsight](https://github.com/obsidianforensics/hindsight) - Internet history forensics for Google Chrome/Chromium From 9fb87f438b0426f9b17af689e67262157e454e37 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Sun, 22 Nov 2015 15:26:43 +0100 Subject: [PATCH 2/5] Link data collection in contents --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 032cd2b..3f5d5ea 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ A curated list of tools and resources for security incident response, aimed to h - [Timeline tools](#timeline-tools) - [All in one tools](#all-in-one-tools) - [Incident Management](#incident-management) +- [Data Collection](#data-collection) - [Other tools](#other-tools) - [Videos](#videos) From b1d25f765613d100744f0c245a6bea546a721585 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Sun, 22 Nov 2015 15:27:23 +0100 Subject: [PATCH 3/5] Move FECT + PSRecon to Data Collection --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3f5d5ea..e8ba068 100644 --- a/README.md +++ b/README.md @@ -59,14 +59,12 @@ A curated list of tools and resources for security incident response, aimed to h * [RTIR](https://www.bestpractical.com/rtir/) - Request Tracker for Incident Response (RTIR) is the premier open source incident handling system targeted for computer security teams. We worked with over a dozen CERT and CSIRT teams around the world to help you handle the ever-increasing volume of incident reports. RTIR builds on all the features of Request Tracker. ### Data Collection +* [FECT](https://github.com/jipegit/FECT) - Fast Evidence Collector Toolkit (FECT) is a light incident response toolkit to collect evidences on a suspicious Windows computer. Basically it is intended to be used by non-tech savvy people working with a journeyman Incident Handler. +* [PSRecon](https://github.com/gfoss/PSRecon/) - PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally. ### Other Tools * [Hindsight](https://github.com/obsidianforensics/hindsight) - Internet history forensics for Google Chrome/Chromium -* [FECT](https://github.com/jipegit/FECT) - Fast Evidence Collector Toolkit (FECT) is a light incident response toolkit to collect evidences on a suspicious Windows computer. Basically it is intended to be used by non-tech savvy people working with a journeyman Incident Handler. * [Kansa](https://github.com/davehull/Kansa/) - Kansa is a modular incident response framework in Powershell. -* [PSRecon](https://github.com/gfoss/PSRecon/) - PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally. - - ### Videos * [Demisto IR video resources](https://www.demisto.com/category/videos/) - Video Resources for Incident Response and Forensics Tools From f9f0316d19416d6f1311a49b3e13ca3a4613fabe Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Sun, 22 Nov 2015 15:28:06 +0100 Subject: [PATCH 4/5] FastIR Collector added --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index e8ba068..146d55a 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,7 @@ A curated list of tools and resources for security incident response, aimed to h ### Data Collection * [FECT](https://github.com/jipegit/FECT) - Fast Evidence Collector Toolkit (FECT) is a light incident response toolkit to collect evidences on a suspicious Windows computer. Basically it is intended to be used by non-tech savvy people working with a journeyman Incident Handler. * [PSRecon](https://github.com/gfoss/PSRecon/) - PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally. +* [FastIR Collector](https://github.com/SekoiaLab/Fastir_Collector) - FastIR Collector is a tool that collects different artefacts on live Windows systems and records the results in csv files. With the analyses of these artefacts, an early compromise can be detected. ### Other Tools * [Hindsight](https://github.com/obsidianforensics/hindsight) - Internet history forensics for Google Chrome/Chromium From 14054aba6c76a65e24d15c2ea35558502f15f239 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Sun, 22 Nov 2015 15:33:34 +0100 Subject: [PATCH 5/5] Change of category title + link --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 146d55a..42d5300 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ A curated list of tools and resources for security incident response, aimed to h - [Timeline tools](#timeline-tools) - [All in one tools](#all-in-one-tools) - [Incident Management](#incident-management) -- [Data Collection](#data-collection) +- [Windows Evidence Collection](#windows-evidence-collection) - [Other tools](#other-tools) - [Videos](#videos) @@ -58,7 +58,7 @@ A curated list of tools and resources for security incident response, aimed to h * [SCOT](http://getscot.sandia.gov/) - Sandia Cyber Omni Tracker (SCOT) is an Incident Response collaboration and knowledge capture tool focused on flexibility and ease of use. Our goal is to add value to the incident response process without burdening the user. * [RTIR](https://www.bestpractical.com/rtir/) - Request Tracker for Incident Response (RTIR) is the premier open source incident handling system targeted for computer security teams. We worked with over a dozen CERT and CSIRT teams around the world to help you handle the ever-increasing volume of incident reports. RTIR builds on all the features of Request Tracker. -### Data Collection +### Windows Evidence Collection * [FECT](https://github.com/jipegit/FECT) - Fast Evidence Collector Toolkit (FECT) is a light incident response toolkit to collect evidences on a suspicious Windows computer. Basically it is intended to be used by non-tech savvy people working with a journeyman Incident Handler. * [PSRecon](https://github.com/gfoss/PSRecon/) - PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally. * [FastIR Collector](https://github.com/SekoiaLab/Fastir_Collector) - FastIR Collector is a tool that collects different artefacts on live Windows systems and records the results in csv files. With the analyses of these artefacts, an early compromise can be detected.