From bc1c24d75494f00db42e0558ff2e30cc5881874c Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Thu, 10 Nov 2016 01:20:25 +0100 Subject: [PATCH 1/3] Add TheHive --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9340084..f1083dd 100644 --- a/README.md +++ b/README.md 
@@ -46,6 +46,7 @@ A curated list of tools and resources for security incident response, aimed to h * [Osquery](https://osquery.io/) - with osquery you can easily ask questions about your Linux and OSX infrastructure. Whether your goal is intrusion detection, infrastructure reliability, or compliance, osquery gives you the ability to empower and inform a broad set of organizations within your company. Queries in the *incident-response pack* help you detect and respond to breaches * [Redline](https://www.fireeye.com/services/freeware/redline.html) - provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile * [The Sleuth Kit & Autopsy](http://www.sleuthkit.org) - The Sleuth Kit is a Unix and Windows based tool which helps in forensic analysis of computers. It comes with various tools which helps in digital forensics. These tools help in analyzing disk images, performing in-depth analysis of file systems, and various other things +* [TheHive](https://thehive-project.org/) - TheHive is a scalable 3-in-1 open source and free solution designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. * [X-Ways Forensics](http://www.x-ways.net/forensics/) - X-Ways is a forensics tool for Disk cloning and imaging. It can be used to find deleted files and disk analysis * [Zentral](https://github.com/zentralopensource/zentral) - combines osquery's powerful endpoint inventory features with a flexible notification and action framework. This enables one to identify and react to changes on OS X and Linux clients. From ccb093b0b17baf1df5bfe5c9383928554a2018ce Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Sun, 21 Aug 2016 16:15:00 +0200 Subject: [PATCH 2/3] Add VolatilityBot --- README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README.md b/README.md index f1083dd..64ce097 100644 --- a/README.md +++ b/README.md @@ -108,6 +108,7 @@ A curated list of tools and resources for security incident response, aimed to h * [Rekall](http://www.rekall-forensic.com/) - Open source tool (and library) for the extraction of digital artifacts from volatile memory (RAM) samples * [Responder PRO](http://www.countertack.com/responder-pro) - Responder PRO is the industry standard physical memory and automated malware analysis solution * [Volatility](https://github.com/volatilityfoundation/volatility) - An advanced memory forensics framework +* [VolatilityBot](https://github.com/mkorman90/VolatilityBot) - VolatilityBot is an automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator in the first steps of performing a memory analysis investigation. * [WindowsSCOPE](http://www.windowsscope.com/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=35&category_id=3&option=com_virtuemart) - another memory forensics and reverse engineering tool used for analyzing volatile memory. It is basically used for reverse engineering of malwares. It provides the capability of analyzing the Windows kernel, drivers, DLLs, virtual and physical memory ### Memory Imaging Tools From c22a83df11230a84c71516eb31983ee4b8c43525 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Fri, 26 Aug 2016 18:31:00 +0200 Subject: [PATCH 3/3] Add LMG --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 64ce097..1c1a02f 100644 --- a/README.md +++ b/README.md 
@@ -114,6 +114,7 @@ A curated list of tools and resources for security incident response, aimed to h ### Memory Imaging Tools * [Belkasoft Live RAM Capturer](http://belkasoft.com/ram-capturer) - A tiny free forensic tool to reliably extract the entire content of the computer’s volatile memory – even if protected by an active anti-debugging or anti-dumping system +* [Linux Memory Grabber](https://github.com/halpomeranz/lmg/) - A script for dumping Linux memory and creating Volatility profiles. * [Magnet RAM Capture](https://www.magnetforensics.com/free-tool-magnet-ram-capture/) - Magnet RAM Capture is a free imaging tool designed to capture the physical memory of a suspect’s computer. Supports recent versions of Windows * [OSForensics](http://www.osforensics.com/) - OSForensics can acquire live memory on 32bit and 64bit systems. A dump of an individual process’s memory space or physical memory dump can be done
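Review bot: The new TheHive entry in the first hunk (README.md @@ -46,6 +46,7 @@) never says what the tool does: "scalable 3-in-1 open source and free solution designed to make life easier for SOCs, CSIRTs, CERTs" is vendor copy, and the "3-in-1" is left unexplained, so a reader scanning the list cannot tell how it differs from the forensic tools around it (Osquery, Redline, The Sleuth Kit, X-Ways). Suggest replacing the sentence with a one-line description that names the three functions the "3-in-1" refers to, in the same terse style as the surrounding entries, and dropping "designed to make life easier for ... swiftly". Alphabetical placement between "The Sleuth Kit & Autopsy" and "X-Ways Forensics" is correct.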
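Review bot: The VolatilityBot description in the second hunk (README.md @@ -108,6 +108,7 @@) is ungrammatical: "an automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator" is missing a relative pronoun and mixes two constructions. Suggest "VolatilityBot is an automation tool for researchers that cuts the guesswork and manual tasks out of the binary extraction phase, and helps the investigator with the first steps of a memory analysis investigation". Separately, the author dates in the series headers are out of order (PATCH 1/3 is dated 10 Nov 2016 while 2/3 and 3/3 are dated 21 and 26 Aug 2016), which suggests the commits were reordered or cherry-picked; harmless for a README, but worth squashing into one "Add TheHive, VolatilityBot and LMG" commit if the history is meant to be linear.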
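Review bot: The Linux Memory Grabber line in the third hunk (README.md @@ -114,6 +114,7 @@) ends with a period while the neighbouring entries in the same section (Belkasoft Live RAM Capturer, Magnet RAM Capture, OSForensics) do not; suggest dropping the trailing period for consistency with the section. The description itself ("A script for dumping Linux memory and creating Volatility profiles") is clear and the entry is correctly placed alphabetically between Belkasoft and Magnet. Since the tool both images memory and builds Volatility profiles, consider stating in the entry that it is intended to be run on the live target before analysis in Volatility, so readers do not look for it only under the memory-analysis list above.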