Intrusion Response Tools
Velociraptor allows incident response teams to rapidly collect and examine artifacts from across a network and to deliver forensic detail following a security incident. During an incident, an investigator directs the Velociraptor agents to hunt for malicious activity, run targeted collections, perform file analysis, or pull large data samples. The Velociraptor Query Language (VQL) lets investigators develop custom hunts to meet specific investigation needs, with the ability to adapt queries quickly in response to shifting threats and new information gained during the investigation.
LINK: GitHub - Velocidex/velociraptor: Digging Deeper....
OWNER: Open Source
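As an added illustration of the custom-hunt capability described above (this is not code from the original page or an artifact shipped by the Velociraptor project), the following is a minimal custom artifact that hunts for executables recently written to per-user Temp directories and hashes them for triage. The artifact name, parameter names and the default Temp glob are assumptions chosen for the example; the glob(), hash(), timestamp() and now() functions and the OSPath, Size, Mtime and IsDir columns are standard VQL in current Velociraptor releases.

```yaml
name: Custom.Windows.Temp.RecentExecutables
description: |
  Hunt for executable files written to per-user Temp directories within a
  configurable lookback window and hash them for triage.
  Added illustration for this page; not an artifact shipped with Velociraptor.
type: CLIENT
parameters:
  - name: LookbackSeconds
    description: How far back (in seconds) to look for new files.
    type: int
    default: "86400"
  - name: TempGlob
    description: Glob for the files to inspect (assumed default for the example).
    default: C:/Users/*/AppData/Local/Temp/**/*.exe
sources:
  # glob() walks the endpoint filesystem. Mtime is a timestamp object, so the
  # cutoff is built with timestamp(epoch=...) rather than compared to a bare
  # integer. hash() is only evaluated for rows that pass the WHERE clause,
  # which keeps the collection cheap on busy hosts.
  - query: |
      LET Cutoff <= timestamp(epoch=now() - LookbackSeconds)
      SELECT OSPath, Size, Mtime,
             hash(path=OSPath) AS Hashes
      FROM glob(globs=TempGlob)
      WHERE NOT IsDir AND Mtime > Cutoff
```

After importing the artifact through the server's Artifacts view, it can be collected from a single client or scheduled as a hunt across every enrolled endpoint; tightening or widening LookbackSeconds and TempGlob at hunt time is the "adapt queries quickly" workflow the description refers to.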
Timesketch is an open-source tool for collaborative forensic timeline analysis. Using sketches, users and their collaborators can easily organize timelines and analyze them all at the same time.
Turbinia is an open-source framework for deploying, managing, and running distributed forensic workloads.
dfTimewolf is an open-source framework for orchestrating forensic collection, processing, and data export.
SERVICE: VMware ESXi - Free
This tool can be used when setting up an environment to analyze malware. It is a bare-metal hypervisor that installs directly onto a physical server, providing direct access to, and control of, the underlying resources. It can be used to partition hardware efficiently and consolidate applications. When it hosts malware-analysis VMs, keep those VMs on an isolated virtual switch with no uplink to production networks, and snapshot them before each detonation so they can be reverted to a clean state.
Cyber Security Cafe
Cyber Security Cafe is a privately run public service. It offers no goods or services other than posting the current cyber threats we face, what we can do to avoid being affected, and, if we are affected, what we can do to correct the problem and avoid intrusions in the future.
- Prevention often means not accepting the 'easy' ways.
- Most modern technology exists in order to obtain your personal data.
Current Threats shows you the latest and often most dangerous cyber threats, indicating where they originated and what areas they are targeting. By knowing in advance you can take precautionary action now, before it's too late.
A group of tools and information designed to keep you up to date and to give you the means to protect both your network and your equipment. Most of the tools are available free of charge and are provided by government agencies.