Add DumpIt and Redline

DumpIt is a Windows memory imaging tool. It makes use of win32dd and win64dd. Redline, on the other hand, is an all-in-one tool that can assist in the development of a threat assessment profile.
John Troony 2015-11-25 12:57:21 +00:00
parent cf5abaef21
commit ada6c7fa7e


@ -33,6 +33,7 @@ A curated list of tools and resources for security incident response, aimed to h
### Memory Imaging Tools
* [OSForensics](http://www.osforensics.com/) - OSForensics can acquire live memory on 32bit and 64bit systems. A dump of an individual processs memory space or physical memory dump can be done
* [Belkasoft Live RAM Capturer](http://forensic.belkasoft.com/en/ram-capturer) - A tiny free forensic tool to reliably extract the entire content of the computers volatile memory even if protected by an active anti-debugging or anti-dumping system
* [DumpIt](http://www.moonsols.com/2011/07/18/moonsols-dumpit-goes-mainstream/) - MoonSols DumpIt is a fusion of win32dd and win64dd in one executable, it can generate a copy of the physical memory in the current working directory.
### Process Dump Tools
* [PMDump](http://ntsecurity.nu/toolbox/pmdump/) - PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process
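Review bot: The DumpIt link points at a 2011 blog announcement ("moonsols-dumpit-goes-mainstream") rather than a tool or download page, unlike the neighbouring OSForensics and Belkasoft entries, which link to the product itself; prefer a page that stays valid as a source for the tool. The description also runs two sentences together with a comma ("...in one executable, it can generate..."); split it, e.g. "MoonSols DumpIt is a fusion of win32dd and win64dd in one executable. It generates a copy of the physical memory in the current working directory." Since the entry itself notes the image lands in the current working directory, it is worth adding that the tool should be launched from external or removable media so the acquisition does not write onto the disk of the system being imaged.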
@ -52,6 +53,7 @@ A curated list of tools and resources for security incident response, aimed to h
* [GRR Rapid Response](https://github.com/google/grr) - GRR Rapid Response is an incident response framework focused on remote live forensics. It consists of a python agent (client) that is installed on target systems, and a python server infrastructure that can manage and talk to the agent.
* [MIG](http://mig.mozilla.org/) - Mozilla Investigator (MIG) is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.
* [FIDO](https://github.com/Netflix/Fido) - Fully Integrated Defense Operation (FIDO) by Netflix is an orchestration layer used to automate the incident response process by evaluating, assessing and responding to malware. FIDOs primary purpose is to handle the heavy manual effort needed to evaluate threats coming from today's security stack and the large number of alerts generated by them.
* [Redline](https://www.fireeye.com/services/freeware/redline.html) - provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile.
### Incident Management
* [FIR](https://github.com/certsocietegenerale/FIR/) - Fast Incident Response (FIR) is an cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents and is useful for CSIRTs, CERTs and SOCs alike.
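Review bot: The Redline description starts with a lowercase "provides", whereas every other entry in this hunk opens with the tool name ("GRR Rapid Response is...", "Mozilla Investigator (MIG) is...", "Fully Integrated Defense Operation (FIDO) by Netflix is..."); for consistency, reword it as "Redline is a free FireEye tool that provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile." The URL path (services/freeware/redline.html) also supports stating that it is freeware, which readers scanning the list will want to know.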
@ -66,6 +68,7 @@ A curated list of tools and resources for security incident response, aimed to h
* [AChoir](https://github.com/OMENScan/AChoir) - Achoir is a framework/scripting tool to standardize and simplify the process of scripting live acquisition utilities for Windows.
### Other Tools
* [Hindsight](https://github.com/obsidianforensics/hindsight) - Internet history forensics for Google Chrome/Chromium
* [Kansa](https://github.com/davehull/Kansa/) - Kansa is a modular incident response framework in Powershell.
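Review bot: The AChoir line spells the tool "Achoir" in the description but "AChoir" in the link text; make the two agree. Separately, the hunk header (-66,6 +68,7) records one added line in this range, yet neither DumpIt nor Redline appears here and the commit message only mentions those two; whatever entry this hunk introduces should be named in the commit message so the history matches the diff.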