From bdaf02a07bb4c49b1713cf7c8cb67e38b547aa3e Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Tue, 24 Nov 2015 11:57:20 +0100 Subject: [PATCH 1/2] DumpIt by MoonSols; generic download page --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 42d5300..357f3d1 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,8 @@ A curated list of tools and resources for security incident response, aimed to h * [FECT](https://github.com/jipegit/FECT) - Fast Evidence Collector Toolkit (FECT) is a light incident response toolkit to collect evidences on a suspicious Windows computer. Basically it is intended to be used by non-tech savvy people working with a journeyman Incident Handler. * [PSRecon](https://github.com/gfoss/PSRecon/) - PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally. * [FastIR Collector](https://github.com/SekoiaLab/Fastir_Collector) - FastIR Collector is a tool that collects different artefacts on live Windows systems and records the results in csv files. With the analyses of these artefacts, an early compromise can be detected. +* [DumpIt](http://www.moonsols.com/resources/) - DumpIt is used to generate a physical memory dump of Windows machines. It works with both x86 (32-bits) and x64 (64-bits) machines. + ### Other Tools * [Hindsight](https://github.com/obsidianforensics/hindsight) - Internet history forensics for Google Chrome/Chromium From 353fb86e01103bb623210d1074f659d653c8b09d Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Tue, 24 Nov 2015 11:58:29 +0100 Subject: [PATCH 2/2] AChoir Scripting Platform for Windows IR Utilities --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 357f3d1..5738e6f 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,7 @@ A curated list of tools and resources for security incident response, aimed to h * [PSRecon](https://github.com/gfoss/PSRecon/) - PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally. * [FastIR Collector](https://github.com/SekoiaLab/Fastir_Collector) - FastIR Collector is a tool that collects different artefacts on live Windows systems and records the results in csv files. With the analyses of these artefacts, an early compromise can be detected. * [DumpIt](http://www.moonsols.com/resources/) - DumpIt is used to generate a physical memory dump of Windows machines. It works with both x86 (32-bits) and x64 (64-bits) machines. +* [AChoir](https://github.com/OMENScan/AChoir) - Achoir is a framework/scripting tool to standardize and simplify the process of scripting live acquisition utilities for Windows. ### Other Tools