CIHv2
Netstat (https://docs.microsoft.com)
Network Analysis Tools Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.
Netstat -ab (Windows)
Commands/Tools to Collect Volatile Information Use netstat -ab output to determine all the executable files for running processes.
Netstat
Commands/Tools to Collect Volatile Information A TCP/IP troubleshooting utility that displays statistics and the state of current TCP/IP connections. It also displays ports, which can signal whether services are using the correct ports.
Nbtstat
Commands/Tools to Collect Volatile Information A Windows utility that is used to view and manage NetBIOS name cache information and troubleshoot NetBIOS name resolution problems.
Nmap (https://nmap.org)
Network Analysis Tools Network Analysis Tool. Review it and know the functionality.
Snort (https://www.snort.org)
Detecting the Inappropriate Usage Incidents: Firewall and IDS Evasion Detection Tools An open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and is used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, and OS fingerprinting attempts. It uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plug-in architecture.
Low Orbit Ion Cannon (LOIC) (https://sourceforge.net)
DoS/DDoS Attack Tools A network stress testing and DoS attack application. It can also be called an application-based DoS attack tool, as it mostly targets web applications. LOIC floods a target server with TCP packets, UDP packets, or HTTP requests with the intention of disrupting the service of a particular host.
High Orbit Ion Cannon (HOIC) (https://sourceforge.net)
DoS/DDoS Attack Tools A network stress and DoS/DDoS attack application. This tool is written in the BASIC language. It is designed to attack up to 256 target URLs simultaneously. It sends HTTP POST and GET requests to a target computer and uses lulz-inspired GUIs.
Gpg4win (https://www.gpg4win.org)
Email Security Tools Enables users to securely transport emails and files with the help of encryption and digital signatures. It supports both relevant cryptography standards, OpenPGP and S/MIME (X.509).
PoliteMail (https://politemail.com)
Email Tracking Tools Open, click and read-time with attention, effective and engagement metrics. Personalization & Follow-up Segmentation. Content Creation and Management Responsive HTML page creation, standardization, distribution control
G-Lock Analytics
Email Tracking Tools Email Analytics. Who read your email and who deleted it? Did they print or forward it? See email client popularity, engagement, clicks, prints, forwards, unsubscribes and geolocation.
Autopsy (http://www.sleuthkit.org)
Forensic Analysis Tools A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. This tool helps incident handlers to view the file system, retrieve deleted data, perform timeline analysis, and examine web artifacts during an incident response.
EnCase Forensic (https://www.guidancesoftware.com)
Forensic Analysis Tools This tool can collect a lot of data from many devices and extract potential evidence. It also generates an evidence report. It can help incident responders acquire large amounts of evidence as fast as possible, from laptops and desktop computers to mobile devices. It directly acquires the data and integrates the results into the cases.
Helix3 (http://www.e-fense.com)
Forensic Analysis Tools gives visibility across your entire infrastructure revealing malicious activities such as internet abuse, data sharing and harassment. It also allows you to isolate and respond to incidents or threats quickly and without user detection through a central administration tool. It allows you to quickly detect, identify, analyze, preserve and report.
Kiwi Syslog Server (https://www.kiwisyslog.com)
Incident Analysis and Validation Tool a centralized and simplified log message management tool across various network devices and servers. It is used to centrally manage syslog messages, generate real-time alerts based on syslog messages, and perform advanced message filtering and message buffering. It collects syslog messages, SNMP traps, and Windows event log data from IT infrastructure. It monitors logs in real time through a secure and intuitive web interface.
ObserveIT (https://www.observeit.com)
Insider Threat Detection Tools enables organizations to quickly identify and eliminate insider threats. It is an insider threat management solution that provides organizations with "eyes on the endpoint" and the ability to continuously monitor user behavior. ObserveIT alerts the security and IT teams
Wireshark (https://www.wireshark.org)
Live System Analysis: Browser Activity Monitoring Tools Wireshark is a widely used network protocol analyzer. It captures and intelligently browses the traffic passing through a network.
Tripwire File Integrity Manager
Live System Analysis: Files and Folder Monitoring Tools Another file integrity monitoring application.
SIGVERIF (https://support.microsoft.com)
Live System Analysis: Files and Folder Monitoring Tools A tool built into Windows 10/8/7 that searches a system for unsigned drivers. When you observe an unsigned driver, you can move it to a new folder, restart the system, and test the program and its functionality for errors.
CronitorCLI (https://cronitor.io)
Live System Analysis: Scheduled Task Monitoring Tools Cron Job Monitoring. Continuous monitoring for the jobs, pipelines, daemons, and APIs that power your business.
Windows Service Manager (SrvMan) (http://tools.sysprogs.org)
Live System Analysis: Windows Services Monitoring Tool Has both GUI and command-line modes. It can also be used to run arbitrary Win32 applications as services. It can create and delete services.
IDA Pro (https://www.hex-rays.com)
Malware Analysis Tools Binary analysis tool for C/C++ binaries.
VirusTotal (https://www.virustotal.com)
Malware Analysis Tools Checks URLs for malware.
Volatility Framework (https://www.volatilityfoundation.org)
Memory Dump Analysis Using Volatility Framework Memory analysis helps in collecting various malware artifacts from a system that is not powered on. This step is crucial, as turning on the system may result in the spread of malware, changes to settings, changes in memory, and disruption of evidence. Memory analysis also helps incident responders to conduct a deeper analysis to assess the impact, location, and propagation methods of the malware. Incident responders can use a common memory analysis framework or tool such as this one to perform memory dump analysis.
IDA Pro (https://www.hex-rays.com)
Memory Dump Analysis: Malware Disassembly Tools A multiplatform disassembler and debugger that explores binary programs, for which source code is not always available, to create maps of their execution. It shows the instructions in the same way as a processor executes them, in a symbolic representation called assembly language. Thus, it is easy for you to find the harmful or malicious processes.
Nbtstat (https://docs.microsoft.com)
Network Analysis Tools Network Analysis Tool. Review it and know the functionality.
TCPView (https://docs.microsoft.com)
Network Analysis Tools Network Analysis Tool. Review it and know the functionality. A Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of TCP connections.
Wireshark (https://www.wireshark.org)
Network Analysis Tools; Tools for Detection and Validation of Suspicious Network Events Network Analysis Tool. Review it and know the functionality. A widely used network protocol analyzer. It captures and intelligently browses the traffic passing through a network.
Metasploit (https://www.metasploit.com)
Penetration Testing Framework
Process Explorer (https://docs.microsoft.com)
Process Analysis Tools Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more.
Process Monitor (https://docs.microsoft.com)
Process Analysis Tools An advanced monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
KeepNote (http://keepnote.org)
Report Writing Tool KeepNote is a note-taking application that works on Windows, Linux, and Mac OS X. With KeepNote, you can store your class notes, TODO lists, research notes, journal entries, paper outlines, and so on in a simple notebook hierarchy with rich-text formatting.
PILAR - Risk Analysis and Management Tool
Risk Management Tool Helps incident handlers to assess risks against critical assets of the organization in several dimensions, such as confidentiality, integrity, availability, authenticity, and accountability.
Process Explorer
Task Manager on Steroids Shows information about the handles and DLLs that processes have opened or loaded. The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts.
Request Tracker for Incident Response (RTIR) (https://bestpractical.com)
Ticketing Systems Tool Open source ticketing system.
ManageEngine ServiceDesk Plus (https://www.manageengine.com)
Ticketing Systems Tool A comprehensive ticketing system employed by various IT security teams across global companies. It is effectively used in incident management, problem management, change management, and IT project management applications. It is well known for its use of the latest technologies, such as automation and artificial intelligence, in its ticketing system.
MxToolbox (https://mxtoolbox.com)
Tools for Analyzing Email Headers This tool will make email headers human readable by parsing them according to RFC 822. Email headers are present on every email you receive via the internet and can provide valuable diagnostic information like hop delays, antispam results, and so on. Incident handlers can use this tool to analyze email headers and detect spam emails.
G Suite Toolbox (https://toolbox.googleapps.com)
Tools for Analyzing Email Headers Tool suite for analyzing email issues, DNS MX records, etc.
Email Dossier (https://centralops.net)
Tools for Checking the Email Validity A part of the CentralOps.net suite of online network utilities. It is a scanning tool that the incident handler can use to check the validity of an email address. It provides information about the email address, including the mail exchange records. This tool initiates SMTP sessions to check address acceptance, but it never actually sends email.
