From fe443b7452597fe13f49812e623a735c31c61db9 Mon Sep 17 00:00:00 2001 From: Meir Wahnon Date: Sat, 9 Jan 2016 14:16:04 +0200 Subject: [PATCH 1/2] Add Evidence collectors section for multi platform --- README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f805a61..62a608a 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ A curated list of tools and resources for security incident response, aimed to h - [Timeline tools](#timeline-tools) - [All in one tools](#all-in-one-tools) - [Incident Management](#incident-management) +- [Evidence Collection](#evidence-collection) - [Windows Evidence Collection](#windows-evidence-collection) - [OSX Evidence Collection](#osx-evidence-collection) - [Sandboxing/reversing tools](#sandboxingreversing-tools) @@ -72,6 +73,11 @@ A curated list of tools and resources for security incident response, aimed to h * [RTIR](https://www.bestpractical.com/rtir/) - Request Tracker for Incident Response (RTIR) is the premier open source incident handling system targeted for computer security teams. We worked with over a dozen CERT and CSIRT teams around the world to help you handle the ever-increasing volume of incident reports. RTIR builds on all the features of Request Tracker. * [threat_note](https://github.com/defpoint/threat_note) - A lightweight investigation notebook that allows security researchers the ability to register and retrieve indicators related to their research. +### Evidence Collection +* [Live Response Collection](https://www.brimorlabs.com/tools/) - The Live Response collection by BriMor Labs is an automated tool that collects volatile data from Windows, OSX, and *nix based operating systems. +* [bulk_extractor](https://github.com/simsong/bulk_extractor) - bulk_extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. Because of ignoring the file system structure, the program distinguishes itself in terms of speed and thoroughness. +* + ### Windows Evidence Collection * [FECT](https://github.com/jipegit/FECT) - Fast Evidence Collector Toolkit (FECT) is a light incident response toolkit to collect evidences on a suspicious Windows computer. Basically it is intended to be used by non-tech savvy people working with a journeyman Incident Handler. * [PSRecon](https://github.com/gfoss/PSRecon/) - PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally. @@ -109,9 +115,7 @@ A curated list of tools and resources for security incident response, aimed to h * [Stalk](https://www.percona.com/doc/percona-toolkit/2.2/pt-stalk.html) - Collect forensic data about MySQL when problems occur. * [DNS Miner](http://dnsminer.net/) - DNS Miner is a semi-automatic incident response and threat intelligence tool for small, over worked security teams. Specific incident reponse features include a DNS sinkhole and historical analysis of DNS traffic against newly arriving data, e.g. suspicious domain lists. * [traceroute-circl](https://github.com/CIRCL/traceroute-circl) - traceroute-circl is an extended traceroute to support the activities of CSIRT (or CERT) operators. Usually CSIRT team have to handle incidents based on IP addresses received. Created by Computer Emergency Responce Center Luxembourg. -* [Live Response Collection](https://www.brimorlabs.com/tools/) - The Live Response collection by BriMor Labs is an automated tool that collects volatile data from Windows, OSX, and *nix based operating systems. * [Fenrir](https://github.com/Neo23x0/Fenrir) - Fenrir is a simple IOC scanner. It allows scanning any Linux/Unix/OSX system for IOCs in plain bash. Created by the creators of THOR and LOKI -* [bulk_extractor](https://github.com/simsong/bulk_extractor) - bulk_extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. Because of ignoring the file system structure, the program distinguishes itself in terms of speed and thoroughness. * [Stenographer](https://github.com/google/stenographer) - Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. It stores as much history as it possible, managing disk usage, and deleting when disk limits are hit. It's ideal for capturing the traffic just before and during an incident, without the need explicit need to store all of the network traffic. From 075d2a5796ab535b9f1ce59f0ce88125a6e8db75 Mon Sep 17 00:00:00 2001 From: Meir Wahnon Date: Sat, 9 Jan 2016 14:21:54 +0200 Subject: [PATCH 2/2] fix empty raw --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 62a608a..ae9cd60 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,6 @@ A curated list of tools and resources for security incident response, aimed to h ### Evidence Collection * [Live Response Collection](https://www.brimorlabs.com/tools/) - The Live Response collection by BriMor Labs is an automated tool that collects volatile data from Windows, OSX, and *nix based operating systems. * [bulk_extractor](https://github.com/simsong/bulk_extractor) - bulk_extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. Because of ignoring the file system structure, the program distinguishes itself in terms of speed and thoroughness. -* ### Windows Evidence Collection * [FECT](https://github.com/jipegit/FECT) - Fast Evidence Collector Toolkit (FECT) is a light incident response toolkit to collect evidences on a suspicious Windows computer. Basically it is intended to be used by non-tech savvy people working with a journeyman Incident Handler.