C702 tools
Forensic Investigation tools
Term | Definition |
---|---|
*Azazel | a userland rootkit written in C and derived from the Jynx rootkit. It is more robust, adds features, and focuses heavily on anti-debugging and anti-detection, which makes it an anti-forensic tool from the examiner's point of view. |
The Sleuth Kit (TSK) | a C library and a collection of command line tools for investigating disk images and analyzing volume and file system data. The library can be incorporated into larger digital forensics tools, and the command line tools can be used directly to find evidence. |
*Gargoyle Investigator Forensic Pro | searches a computer for known contraband and malicious programs and their remnants. Its signature sets cover botnets, Trojans, steganography, encryption, and keyloggers, and it helps detect stego files created by BlindSide, WeavWav, and S-Tools. |
*Ophcrack | a free Windows password cracker based on rainbow tables (not to be confused with L0phtCrack below). It has a graphical user interface and runs on multiple platforms. |
Evidence Examiner Investigator | Examines and sorts the evidence according to its relevancy to the case. Maintains an evidence hierarchy with the most important evidence given a high priority. |
*EaseUS Data Recovery Wizard | a data recovery program with a wizard-style interface that guides users through the recovery process. Free and paid versions exist for both Windows and macOS. |
Incident Analyzer | analyzes incidents as they occur, examining each with regard to its type, how it affects the systems, and the threats and vulnerabilities associated with it. |
*DaveGrohl | a brute-force password cracker for macOS. It was originally created in 2010 as a password hash extractor but has since evolved into a standalone or distributed password cracker |
*SmartWhoIs | network information utility to look up all the available information about an IP address, hostname or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information. |
Zamzar | an online file conversion service supporting over 1,200 conversions, including video, audio, music, eBook, image, and CAD formats. |
Snow Batch | a Windows-based image conversion and file conversion application that converts large batches of image or document files from one format to another. |
IrfanView | a small freeware (for non-commercial use) graphic viewer for Windows, from Windows 9x/ME/NT/2000/XP/2003/2008/Vista through Windows 7, 8, and 10. |
Paraben's P2C (P2 Commander) | a digital investigation tool used by forensic examiners, with an integrated multi-threaded database and email examination tools for network email and personal email archive analysis. |
L0phtCrack | a password auditing and recovery software. It is packed with features such as scheduling, hash extraction from 64 bit Windows versions, multiprocessor algorithms, and network monitoring and decoding. |
MiniTool Power Data Recovery Enterprise | recovers data such as images, text, videos, music, and emails across different data-loss situations: accidental deletion, formatting, logical damage, etc. |
Paraben's DP2C | a targeted data collection tool for triage forensics: software that runs from a USB drive and collects specific types of data from Windows-based systems onto the evidence drive. |
Oxygen Forensic Kit | is a ready-to-use and customizable mobile forensic solution for field and in-lab usage. It allows not only extraction of data from the device but also creates reports and analyzes data in the field |
Autopsy | a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by LE, military, and corporate examiners. can even be used to recover photos from a camera's memory card. |
Sleuth Kit | a collection of command line tools and a C library that allows you to analyze disk images and recover files from them. |
Xplico | an open source Network Forensic Analysis Tool (NFAT) that extracts application data from an internet traffic capture: each email (POP, IMAP, and SMTP), all HTTP content, each VoIP call (SIP), FTP, TFTP, and so on. |
Freeware Hex Editor Neo | allows viewing, modifying, analyzing hexadecimal data and binary files, editing, exchanging data with other applications through the clipboard, inserting new data and deleting existing data, as well as performing other editing actions. |
MailXaminer | an email forensics tool used to search for and uncover relevant information, coordinating and monitoring a case in real time with an investigative team, and producing thorough, unambiguous evidence in a court-admissible file format. |
PALADIN | a modified “live” Linux distribution based on Ubuntu used to fulfill various forensics tasks in a forensically sound manner via a Toolbox. available in 64-bit and 32-bit versions |
Nuix Corp Investigation Suite | used to collect, process, analyze, review, and report on electronic evidence. |
AccessData's FTK (Forensic Toolkit) | a court-cited digital investigations platform. It processes and indexes evidence up front, so filtering and searching are fast, and it can be set up for distributed processing with web-based case management and collaborative analysis. |
FileMerlin | converts word processing, spreadsheet, presentation, and database files between file formats; suitable for straightforward as well as complex documents. |
R-drive image | utility for creating disk image files for backup or duplication. restores the images on the original disks, other partitions, or hard drive's free space. can restore the system after data loss caused by OS crash, virus attack, or hardware failure. |
CAPSA Free | a network analyzer that allows monitoring of network traffic, troubleshooting, and analyzing packets. supports multiple protocols, MSN, and Yahoo Messenger filters, email monitor and auto-save, and customizable reports and dashboards. |
Recuva | can recover lost pictures, music, documents, videos, emails or any other file type and it can also recover data from any rewriteable media like memory cards, external hard drives, USB sticks, etc. |
Cain and Abel | a password recovery tool for Microsoft operating systems. It recovers passwords by sniffing the network; cracking encrypted passwords with dictionary, brute-force, and cryptanalysis attacks; recording VoIP conversations; decoding scrambled passwords; recovering wireless network keys; revealing password boxes; and analyzing routing protocols. Cain can also perform ARP spoofing (ARP poisoning) to intercept traffic on a switched network. |
Shadow 3 | helps to view suspect computers at the scene of the investigation in real time without prior need to image hard drives and without the need for clumsy virtual viewing software; all without corrupting the evidence |
CRU® WiebeTech® HotPlugTM | one can transport a computer without shutting it down. allows seizure and removal of computers from the field to anywhere else. |
CRU® WiebeTech® Drive eRazerTM Ultra | a device that can completely clean hard drives. Simply connect a drive and it will sanitize the drive and without tying up the computer. |
FREDC | a fully configured, private cloud, for Forensic Storage. Centralized Storage, centralized administration, centralized security, and centralized backup |
μFRED (MicroFRED) | has much of the processing power of a full size FRED system but in a package only a fraction of the size (9" x 8" x 13") |
VOOM Hardcopy 3P | a forensic SATA/IDE Hard Drive Imager, Cloner, and Wiper with NIST approved SHA256 built into the hardware |
Tableau T8-R2 Forensic USB Bridge | offers secure, hardware-based write blocking of USB mass storage devices. |
data recovery stick | can recover deleted files. no software download, just plug into a USB port, open the software, and start recovery. Even if files have been deleted from the recycle bin, they can be still recovered as long as they have not been overwritten. |
WriteProtect-DESKTOP | provides digital forensic professionals with secure, read-only write-blocking of suspect hard drives. It is a portable write-blocker that supports five different drive interfaces in one device. |
ZX-Tower TM | provides secure sanitization of hard disk drives and delivers wiping at a speed of 24 GB/min. The multi-target device allows to easily wipe up to 8 target hard drives simultaneously and also allows users to wipe up to 4 USB 3.0 enclosures |
PC-3000 Flash | a hardware and software suite for recovering data from flash-based storage devices like SD cards and USB sticks |
Image MASSterTM Wipe PRO | a hard Drive Sanitization Station. It can erase up to 8 Hard Drives simultaneously at speeds exceeding 7 GB/min |
RoadMASSter-3 X2 | a forensic portable lab designed as a forensic data acquisition and analysis workstation and is equipped with all the necessary tools to seize data from drives with common drive interface technologies. |
Rapid Image Hard Drive Duplicators | designed to copy one "Master" hard drive to up to 19 "Target" hard drives at SATA-III speeds. They can also be configured to copy multiple Master drives (up to 10) simultaneously. |
Paraben's Chat Stick | a thumb drive device that will search the entire computer, scan it for chat logs from Yahoo, MSN, ICQ, Trillian, Skype, Hello, and Miranda & create a report in an easy to read format so that one can see what kids or employees are saying to people online |
PC-3000 Data Extractor | a software add-on to PC-3000 that diagnoses and fixes file system issues so that the client's data can be obtained. It works in tandem with the PC-3000 hardware to recover data from the supported media (IDE HDD, SCSI HDD, and flash memory readers). |
UltraBay 3d | is a USB 3.0 integrated forensic bridge that includes a touch screen display and a graphical user interface for acquisition process monitoring. |
Digital Intelligence Forensic Hardware: FRED | these systems are optimized for stationary laboratory acquisition and analysis. Simply remove the hard drive(s) from the suspect system, plug them in, and acquire the digital evidence. |
Paraben's First Responder Kits | provide first responders with the tools needed to preserve various types of mobile evidence, shielding devices from unwanted wireless signals and protecting them from loss of power. |
social media forensic tools | Netvizz, twecoll, divud, Digitalfootprints, Netlytic, X1 Social Discovery, Facebook Forensic Software, H&A forensics, Geo360, Navigator by LifeRaft Social, Emotive, etc. |
UltraKit | a portable kit which provides a complete set of UltraBlock hardware write blockers including adapters and connectors to acquire a forensically sound image of virtually any hard drive or storage device. |
Forensic Falcon | a forensic imager: images and verifies from 4 source drives to 5 destinations; previews suspect drive contents directly; images to/from a network location; supports remote operation through a web-based browser interface. |
Tableau T3iu Forensic SATA Imaging Bay | designed for fast write-blocked acquisitions of 3.5" and 2.5" SATA hard drives and for easy integration into workstations using a single SuperSpeed USB 3.0 host connection. |
Triage-Responder | designed particularly for nontechnical first responders. It uses an easy two-step process to scan, analyze and extract evidence from a digital device. |
XRY Office | logical and physical extraction support for mobile forensic examiners. It is a software-based solution bundled with the hardware required to recover data from mobile devices in a secure way. |
Atola Insight Forensic | provides complex data retrieval functionalities with utilities for accessing hard drives at the lowest level. designed by recovery engineers, law enforcement agencies, and forensic experts. |
US-LATT PRO | implements live acquisition and triage of Microsoft® Windows systems (XP – Windows 8). It offers the ability to the investigators to triage live evidence with fast and efficient on scene investigations. |
Image MASSter Solo-4 G3 PLUS Forensic Enterprise Super Kit | drive data acquisition unit. ability to extract data from suspect to evidence hard drives at SATA-3 speed. It can also acquire data from two separate suspect hard drives to two individual evidence hard drives. |
DeepSpar Disk Imager Forensic Edition | portable forensic imaging tool. can see the read status of each retrieved sector and what data and what type of files are being imaged. reduces the time taken to image bad sectors disks. |
Disk Jockey PRO | disk copy and write blocking tool. can copy the Drive Configuration Overlay (DCO) areas and Host Protected Area (HPA) of a hard disk drive. It can work on Windows or Macintosh systems connected via high-speed USB 2.0 ports |
RAPID IMAGE 7020 X2 IT | Hard Drive Duplicators are built to copy a single master hard drive to up to 19 target hard drives at SATA-III Speeds |
ZClone Xi (ZXi) | a duplicator providing fast cloning, task macros, networking, and user profiles with an easy-to-use interface. It offers mirror cloning (a 100% bit-for-bit copy) as well as a CleverCopy mode that copies only data areas, and it can also sanitize hard drives. |
HardCopy 3P | a portable Forensic Hard Drive Duplicator with MD5, SHA256, and an integrated IDE port. It offers up to 7.5 GB Per Minute Data Transfer Rate. It offers two duplication Modes. |
Forensic Tower IV Dual Xeon | forensic laboratory system. It consists of a case of ten 5.25-inch bays to provide flexibility in configuring a lab system to fulfill client requirements. It is compatible with all commercial forensic acquisition and analysis software |
FREDDIE | portable mobile forensic tool built for computer evidence acquisition and analysis. attach HD's into FREDDIE to extract evidence. tool can directly gather data from IDE, EIDE, ATA, SATA, ATAPI, SAS, USB or Firewire hard drives and other storage devices. |
Project-A-Phone | This tool helps to take high-quality screenshots of any device. It has 8-megapixel camera to take clear pictures of the display of the device. This camera connects to the computer to capture a clear screenshot. |
Data Acquisition Toolbox | connects MATLAB to data acquisition hardware. It supports DAQ hardware from National Instruments and other vendors, including USB, PCI, PCI Express, PXI, and PXI-Express devices. Note that this is instrument/signal data acquisition, not forensic disk acquisition. |
RAID Recovery for Windows | to recover full content of a broken RAID. copies the files and folders over to another disk. It works for NTFS-formatted RAID-0 as well as RAID-5 configurations. |
R-Tools R-Studio | data recovery software (with Windows, Mac, and Linux versions) that recovers files from NTFS, NTFS5, ReFS, FAT12/16/32, exFAT, HFS/HFS+ (Macintosh), and other file systems. It includes a RAID reconstruction module and an advanced disk copying/imaging module and works on local and network disks. |
FDAS | Fast Disk Acquisition System. Copies disk-to-disk directly; the time to copy is bounded only by the read speed of the source disk. |
SMART for Linux | forensic software for Linux: dead-system (post-mortem) analysis, testing and verification of other forensic programs, and conversion of proprietary evidence file formats. |
Macrium Reflect Free | disk cloning and imaging tool. It protects all personal documents, photos, music, mails etc. and also upgrades hard disk. It supports backup to local, network and USB drives and also burning to all DVD formats. |
Active@ Disk Image | disk image software which can create an exact copy of any PC disks, such as, HDD, SSD, USB, CD, DVD, Blu-ray etc. and stores it to a folder. These copies or images can be used for PC upgrades, backups, and disk duplication purposes. |
dcfldd | an enhanced version of GNU dd developed for forensic data acquisition on Linux. Unlike plain dd it can hash the data on the fly (e.g. hash=md5,sha256), record per-window hashes and a hash log, show progress, verify an image against its source, and split the output into fixed-size pieces. |
AppleXsoft File Recovery for Mac | file recovery tool for Mac. scans and recovers files from the hard disk and external storage devices. supports RAID recovery. RAID Reconstructor, Mail Recovery, Hex Viewer, SMART, Bad Block Diagnostics, Imaging tools, and Disk Copy |
Disk Doctors Mac Data Recovery | recovers data from corrupt, deleted, and inaccessible partitions formatted by Mac. drives damaged by any virus attack, power failure, system crash, or human error. after the volume has been reformatted, different file system and bad sectors. |
FileSalvage | recovery tool for Mac recovers the lost files, iTunes libraries, iPhoto collections, and lost data. |
321Soft Data Recovery | Mac recovers deleted, inaccessible, and lost files from Mac’s hard drive. |
Cisdem DataRecovery 3 or 4 | software recovers photos, videos, documents, etc. on Mac hard drives, external devices and all Mac products. |
Knoppix | a bootable live Linux distribution used as a rescue environment for Linux file recovery. |
Windows partition recovery tools | Active@ Partition Recovery, Acronis Recovery Expert, DiskInternals Partition Recovery, NTFS Partition Data Recovery, GetDataBack, EaseUS Partition Recovery, Advanced Disk Recovery, Power Data Recovery |
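
Several entries above (dcfldd, FDAS, the hardware imagers, and hash-verifying duplicators such as HardCopy 3P) describe the same acquisition pattern: copy block by block, hash every byte as it passes, and verify the written image against the source digest. The Python script below is an added illustration of that pattern, not code from any of the listed products. It hashes the stream once during the copy (as dcfldd's hash=md5,sha256 does), keeps one SHA-256 per fixed-size window (dcfldd's hashwindow=), and uses those window digests to localize a later corruption of the image. The "device" it reads is a constructed temporary file of random bytes; the file names and the 1 MiB window size are assumptions made for the demo.

```python
"""Forensic-style acquisition with on-the-fly and windowed hashing (added example)."""
import hashlib
import os
import tempfile

WINDOW = 1024 * 1024   # hash window in bytes (like dcfldd hashwindow=1M); demo assumption


def acquire(source_path, image_path, block_size=64 * 1024, window=WINDOW):
    """Copy source_path to image_path block by block, hashing as we go.

    Returns whole-image MD5/SHA-256 plus one SHA-256 per `window` bytes,
    in the order the windows were read.
    """
    md5, sha = hashlib.md5(), hashlib.sha256()
    window_hashes, win, in_window, total = [], hashlib.sha256(), 0, 0
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(block_size), b""):
            dst.write(block)
            md5.update(block)
            sha.update(block)
            total += len(block)
            view = block                      # a block may straddle a window boundary
            while view:
                part, view = view[:window - in_window], view[window - in_window:]
                win.update(part)
                in_window += len(part)
                if in_window == window:
                    window_hashes.append(win.hexdigest())
                    win, in_window = hashlib.sha256(), 0
    if in_window:                             # trailing partial window
        window_hashes.append(win.hexdigest())
    return {"bytes": total, "md5": md5.hexdigest(),
            "sha256": sha.hexdigest(), "windows": window_hashes}


def verify(image_path, expected_sha256, block_size=64 * 1024):
    """Re-read the image and compare against the digest taken during acquisition."""
    sha = hashlib.sha256()
    with open(image_path, "rb") as f:
        for block in iter(lambda: f.read(block_size), b""):
            sha.update(block)
    return sha.hexdigest() == expected_sha256


def locate_corruption(image_path, window_hashes, window=WINDOW):
    """Indices of windows whose current SHA-256 no longer matches the acquisition log."""
    bad = []
    with open(image_path, "rb") as f:
        for i, expected in enumerate(window_hashes):
            if hashlib.sha256(f.read(window)).hexdigest() != expected:
                bad.append(i)
    return bad


def demo():
    """Constructed 'device' of 3.5 windows of random bytes.

    Returns (verified_ok, window_count, corrupted_window_indices).
    """
    tmp = tempfile.mkdtemp()
    src = os.path.join(tmp, "sdb")            # stands in for a block device (assumption)
    img = os.path.join(tmp, "sdb.dd")
    with open(src, "wb") as f:
        f.write(os.urandom(3 * WINDOW + WINDOW // 2))
    log = acquire(src, img)
    ok = verify(img, log["sha256"])           # image matches source right after acquisition
    with open(img, "r+b") as f:               # then flip one bit inside the third window
        f.seek(2 * WINDOW + 17)
        byte = f.read(1)[0]
        f.seek(2 * WINDOW + 17)
        f.write(bytes([byte ^ 0x01]))
    return ok, len(log["windows"]), locate_corruption(img, log["windows"])


if __name__ == "__main__":
    print(demo())   # (True, 4, [2])
```

The demo corrupts one byte of the finished image on purpose: whole-image verification only says that something changed, while the window digests say which 1 MiB region changed, which is what you need when a stored image later fails its hash check and you have to decide whether the evidence is still usable.

Password recovery and cracking tools

Term | Definition |
---|---|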
rainbow table password cracking tools | rtgen and Winrtgen |
CmosPwd | a CMOS/BIOS password recovery tool. It decrypts passwords stored in CMOS used to access BIOS SETUP. works and compiles under Dos - Win9x, Windows NT/W2K/XP/2003, Linux, FreeBSD, and NetBSD. |
PWdump7 | an application that dumps the password hashes (OWFs) from NT’s SAM database. It extracts LM and NTLM password hashes of local user accounts from the SAM database. |
Fgdump | a utility for dumping passwords on Windows NT/2000/XP/2003/Vista machines. all the capabilities of PWdump and can execute a remote executable, dumping the protected storage on a remote or local host, and grabbing cached credentials. |
John the Ripper | a password recovery tool that cracks passwords and supports Unix, Windows, DOS, and OpenVMS. It detects weak Unix passwords, several crypt (3) password hash types most commonly found on various Unix systems, Windows LM hashes, etc. |
Wfuzz | a web application fuzzer and brute-forcer rather than a password-hash cracker. It can find unlinked resources (directories, servlets, scripts, etc.), brute-force GET and POST parameters for injection flaws (SQL, XSS, LDAP, etc.), and brute-force form logins. |
LSASecretsView | a small utility that displays a list of all LSA secrets stored in the Registry. The LSA secrets key is located under HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets. |
LCP | audits user account passwords and recovers them on Windows NT/2000/XP/2003. It imports hashes (from the local machine, a SAM file, or .lcs files) and runs dictionary, hybrid, and brute-force attacks against them. |
Kon-Boot | a tool that bypasses the authentication process of Windows-based OSs at boot time, allowing logon without the password rather than recovering it. |
InsidePro | password recovery software that supports recovering passwords containing Unicode characters. |
THC-Hydra | a network logon cracker that uses dictionary or brute-force attacks to try username/password combinations against network services (SSH, FTP, HTTP forms, SMB, and many more), not just web login pages. It supports Linux, *BSD, Solaris, Mac OS X, any Unix, and Windows (Cygwin). |
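
PWdump7 and Fgdump above dump hashes in the pwdump format (user:RID:LMhash:NThash:::), and L0phtCrack, Ophcrack, LCP, and John the Ripper crack the NT hash column. The script below is an added example, not code from any of these tools. It implements MD4 in pure Python (OpenSSL 3 builds of hashlib frequently omit it), derives the NT hash as MD4 over the UTF-16LE encoding of the password, and runs a wordlist attack over a constructed dump. The account names, RIDs, and wordlist are made up; the Administrator hash is the well-known NT hash of "password", and the blank LM field is the standard empty-LM value.

```python
"""Wordlist attack on NT hashes in pwdump format (added example)."""
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4; present only because NT hashes are built on it."""
    F = lambda x, y, z: (x & y) | (~x & MASK & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (
        (F, list(range(16)), (3, 7, 11, 19), 0),
        (G, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13), 0x5A827999),
        (H, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15), 0x6ED9EBA1),
    )
    bit_len = len(data) * 8
    data += b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", bit_len)
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(data), 64):
        X = struct.unpack("<16I", data[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for fn, order, shifts, k in rounds:
            for i, idx in enumerate(order):
                a = _rotl((a + fn(b, c, d) + X[idx] + k) & MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c        # rotate roles: next step updates old d
        a0, b0, c0, d0 = (a0 + a) & MASK, (b0 + b) & MASK, (c0 + c) & MASK, (d0 + d) & MASK
    return struct.pack("<4I", a0, b0, c0, d0)


def nt_hash(password: str) -> str:
    """NT hash = MD4(UTF-16LE(password)), unsalted: same password, same hash."""
    return md4(password.encode("utf-16-le")).hex()


EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"   # LM field when LM hashing is disabled/blank
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of the empty password


def parse_pwdump(lines):
    """Yield (user, rid, lm, nt) from pwdump-style lines, skipping anything malformed."""
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) >= 4 and len(parts[3]) == 32:
            yield parts[0], parts[1], parts[2].lower(), parts[3].lower()


def crack(dump_lines, wordlist):
    """Return {user: password} for every NT hash that the wordlist covers.

    Because the hash is unsalted, the wordlist is hashed once and every
    account is a dictionary lookup, the same economy John's wordlist mode
    and rainbow tables exploit.
    """
    table = {nt_hash(w): w for w in wordlist}
    table[EMPTY_NT] = ""                       # blank-password accounts need no wordlist
    found = {}
    for user, _rid, _lm, nt in parse_pwdump(dump_lines):
        if nt in table:
            found[user] = table[nt]
    return found


# Constructed sample dump: invented accounts, hashes computed with nt_hash() above.
SAMPLE_DUMP = [
    "Administrator:500:" + EMPTY_LM + ":8846f7eaee8fb117ad06bdd830b7586c:::",
    "Guest:501:" + EMPTY_LM + ":" + EMPTY_NT + ":::",
    "svc_backup:1001:" + EMPTY_LM + ":" + nt_hash("Winter2024!") + ":::",
    "alice:1002:" + EMPTY_LM + ":" + nt_hash("correct horse battery staple") + ":::",
]
SAMPLE_WORDS = ["letmein", "password", "Winter2024!", "Summer2024!"]

if __name__ == "__main__":
    print(crack(SAMPLE_DUMP, SAMPLE_WORDS))
    # {'Administrator': 'password', 'Guest': '', 'svc_backup': 'Winter2024!'}
```

Three of the four accounts fall immediately and alice survives only because her passphrase is not in the list, which is the practical lesson behind every entry in this section: the hash algorithm is not the defence, the password's absence from any wordlist is.

Anti-forensics, Windows artifact analysis and monitoring tools

Term | Definition |
---|---|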
DBAN (Darik's Boot and Nuke) | data erasure software that automatically wipes the contents of any hard disk it can detect. It is used to prevent identity theft before recycling a computer and, as a side effect, removes any viruses or spyware from a Microsoft Windows installation. |
Universal Shield | enables users to hide files, folders, and drives. It sets access rules using flexible security combinations for user’s most precious data. supports Windows 7/Vista/XP/2003/2000 OSs. |
BatchPurifier | removes hidden data and metadata from multiple files. |
Steganos Privacy Suite 17 | steganographic security tool. It provides passwords for all online accounts that are automatically created, managed, and registered, regardless of whether the device is a computer, tablet, or a smartphone. |
ParetoLogic Privacy Controls | a tool that allows the users to delete all the data related to internet activity. |
X-Ways Forensics | an integrated forensic examination environment built on WinHex; among many other functions it can scan a system's virtual memory (pagefile and RAM) for traces. |
StreamArmor | tool used to discover Hidden Alternate Data Streams (ADS) and clean them completely from system. |
ProDiscover® Basic edition | a self-managed tool for examination of hard disk security. to collect snapshots of activities that are critical for taking proactive steps in protecting the user data. |
RegRipper | a flexible open source tool that facilitates registry analysis with ease. It contains pre-written Perl scripts for the purpose of fetching frequently needed information during an investigation involving a Windows box. |
OS Forensics (Windows) | extract forensic data and hidden information, deep file searching and indexing, e-mail and e-mail archive searching, recent system activity and active memory. view events timeline, recover data and files & view meta-data. |
Belkasoft Evidence Center | helps investigators to search, analyze, and store digital evidences found in Instant Messenger histories, Internet browser histories, and Outlook mailboxes. |
MultiMon | an advanced multifunctional system monitoring tool for Windows OS that displays highly detailed output of a very wide range of system activities in real time. |
changemac.sh, SMAC, and Wicontrol | AP MAC spoofing tools |
Swatch | generate real-time alerts, which help to continuously monitor the log files. |
Fsum | a command line utility for file integrity verification. It offers a choice of 13 hash and checksum functions for file message digest and checksum calculation. |
Logcheck | a utility that allows system administrators to view the log files which are produced by hosts under their control. |
network forensics analysis mechanism | covers presenting the evidence, manipulating it (normalizing and correlating the collected data), and automated reasoning over it. |
GFI EventsManager | analyzes log data including SNMP traps, Windows event logs, W3C logs, text-based logs, Syslog, SQL Server, and Oracle audit logs; offers reports, filtered charts, granular control, and safe storage. |
EventLog Analyzer | offers log management for network security; monitors application logs and generates reports; keeps the analyst informed of event activity in real time; takes a holistic approach to network IT security; checks audit readiness and compliance. |
Kibana | an open-source data visualization platform that allows interaction with the data through a graphical user interface. |
Syslog-ng | allows the collection, parsing, classification, and correlation of logs from across the infrastructure and store or route them to log analysis tools. |
RSYSLOG | a system for log processing. It offers security features and a modular design. It accepts inputs from a variety of sources, transforms them, and outputs the results to diverse destinations. |
ManageEngine Firewall Analyzer | a log analytics and configuration management software that helps network administrators to collect, archive, analyze their security device logs and subsequently generate forensic reports. |
Simple Event Correlator (SEC) | an event correlation tool for event processing, which can be harnessed for event log monitoring, network and security management, fraud detection, and any other task that involves event correlation. |
OSSEC | an open-source host-based intrusion detection system. log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting, and active response on Linux, OpenBSD, FreeBSD, Mac OS X, Solaris, and Windows. |
Ipswitch Log Management | Suite of automated tool that collects, stores, archives, and backs-up Syslog, Windows events, or W3C/IIS logs. It analyzes for suspicious activities and automatically generates compliance reports. |
Veriato Server Manager | This tool allows the viewing and reporting of event log data and isolates pertinent log entries by merging multiple logs into a single view, hiding duplicate entries, and filtering the results. |
Log Management Utility | enables one to collect, save, browse, and search multifunction printer (MFP) audit logs from a PC and retain them for a longer period, giving more time to manage and analyze the condition of each MFP. |
Snare | helps in gathering and filtering IT-event data for critical security monitoring, analysis, auditing, and archiving. |
Splunk | allows investigators to collect, analyze, and act upon the untapped value of the big data generated by the technology infrastructure, security systems, and business applications |
Loggly | a cloud-based service that mines log data in real time and surfaces the entries that matter, giving the insight needed to troubleshoot. |
vRealize Log Insight | delivers heterogeneous and scalable log management with intuitive, actionable dashboards, sophisticated analytics, and broad third-party extensibility, thereby providing operational visibility and faster troubleshooting |
Sumo Logic | used to build, run, and secure modern applications . It is a cloud-native, machine data analytics service for log management and time series metrics. |
TIBCO LogLogic | This tool is used to harness log and machine data to provide insight into IT operational efficiencies. |
Logscape | This tool allows searching, visualizing, and analyzing log files and operational data. |
HPE Security ArcSight ESM | a security management application that combines event correlation and security analytics to identify and prioritize threats in real time, thereby facilitating immediate response and remediation. |
XpoLog | log management platform helps in the analysis, visualization, monitoring, and automated in-depth mining of log data. allows the optimization of IT operations and visibility for any type of system log data |
LogRhythm | security intelligence and analytics platform enables organizations to detect, prioritize, and neutralize cyber threats that penetrate the perimeter or originate from within. |
Sawmill | helps analyze, monitor, and alert a wide range of systems. It provides log processing and reporting features to gain insight into the network data. |
McAfee Enterprise Log Manager | collects, compresses, signs, and stores all original events with a clear audit trail of activity that cannot be repudiated. |
Log & Event Manager | an SIEM that makes it easy to use logs for security, compliance, and troubleshooting. |
Papertrail | used for its time-saving log tools, flexible system groups, team-wide access, long-term archives, charts, analytics exports, and monitoring webhooks. |
EventReporter | a Windows event log processor and syslog forwarder. It is used to consolidate multiple event logs and create a central repository. |
Kiwi Log Viewer | enables the monitoring of a log file for changes. It can display changes in real-time and allows automatic monitoring of log file entries for specific keywords, phrases, or patterns. |
Event Log Explorer | a software solution for viewing, analyzing and monitoring events recorded in Microsoft Windows event logs. simplifies the analysis of event logs (security, application, system, setup, directory service, DNS, and others). |
WebLog Expert | an access log analyzer of a website's visitors: activity statistics, accessed files, paths, referring pages, search engines, browsers, OS's on Apache, IIS and Nginx web servers. can read GZ and ZIP compressed log files |
ELM Enterprise Manager | elevates Windows event log monitoring to real time. Event logs are collected reliably as soon as they are written. |
EventSentry | receives critical alerts and consolidates logs in one place with real - time event log, log file, and Syslog monitoring. rule sets with web-based reporting |
LogMeister | monitors Windows event logs, syslog, and text logs on servers throughout a network, providing notifications of key events and allowing for appropriate and timely action. |
InTrust | enables the secure collection, storage, search, and analysis of massive amounts of IT data from numerous data sources, systems, and devices in one place. |
Alert Logic Log Manager with ActiveWatch | Security-as-a-Service (SaaS) solution that meets compliance requirements and identifies security issues across the entire environment, including public cloud. It collects, processes, and analyzes data. |
SentinelTM Log Manager | is a software appliance that enables the collection, storage, analysis, and management of IT infrastructure event and security logs. |
Tripwire Log Center | normalizes data from servers, security and network devices, as well as applications, integrating it with Enterprise tools to provide endpoint protection and security. |
AlienVault Unified Security ManagementTM (USM) | is a platform that provides unified, coordinated security monitoring, security event management and reporting, continuous threat intelligence and multiple security functions without multiple consoles. |
MyEventViewer | allows the users to watch multiple event logs in one list. Additionally, allows easy selection of multiple event items and saving them to HTML/Text/XML file or copying them to the clipboard (Ctrl+C) and pasting them into Excel |
WinAgents EventLog Translation Service | a server that monitors Windows event logs and forwards the events that appear for further processing. The program can forward events to a Syslog server or to an SNMP management station. |
EventTracker Enterprise | a log management tool and includes features such as File Integrity Monitoring, Change Audit, Config Assessment, Cloud Integration, Event Correlation, and writeable media monitoring. |
Logstash | can connect to a variety of sources and stream data at scale to a central analytics system. It provides a convenient way to apply custom parsing logic to these logs at scale. |
SecurityCenter Continuous View (SecurityCenter CV) | collects data from multiple sensors to provide advanced analysis of vulnerability, threat, network traffic, and event information and delivers a continuous view of IT security across the environment. |
The Elastic Stack | open-source stack consisting of Elasticsearch, Kibana, Logstash, and Beats, helps procure data from any source in any format and search, analyze, and visualize it in real time. |
CorreLog | is a solution for cross-platform IT security log management and event log correlation. It allows real-time event log collection across both distributed and mainframe systems. |
Assuria Log Manager | used for the collection of forensically sound logs from almost any source into a central store. It allows enterprise-wide automated management of logs, including log rotation |
LOGStormTM i | a log management and log monitoring solution that combines log management with correlation technology, real-time event log correlation and log monitoring, and an integrated incident response system. |
PowerBroker Event Vault BeyondTrust | automates and streamlines the collection and management of standard Microsoft Windows event logs. |
Logsene | tool that makes all logs accessible in one place. It allows to inspect logs via UI or Elasticsearch API and correlate logs with performance metrics via SPM |
SaaS Log Management | a solution that works with CloudAccess SIEM Log management to provide secure storage and full lifecycle management of event data. |
ApexSQL Log | a SQL Server database transaction log reader that can present all the information in a human readable format. |
FortiSIEM | a Security Information and Event Management system used for the detection and remediation of security events. It offers security, performance, and compliance management. |
Graylog | an open-source log management tool used to search, analyze, and generate alerts across all log files |
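
Swatch, Logcheck, SEC, OSSEC, and most of the log managers above do the same core thing: match a pattern in each incoming line, count matches per key inside a time window, and alert when a threshold is crossed. The Python below is an added example of that correlation logic, not code from any listed product. It consumes constructed sshd syslog lines (the hostname, the addresses from documentation ranges, and the timestamps are all made up) and raises one alert per burst of failed logins from a single source address, which is the shape of OSSEC's SSH brute-force rule and of a typical SEC SingleWithThreshold rule.

```python
"""Swatch/SEC-style threshold correlation over sshd syslog lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd authentication failures as syslog writes them (BSD timestamp, no year)
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_ts(stamp, year):
    """BSD syslog stamps carry no year, so the caller supplies it."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def correlate(lines, threshold=5, window_seconds=60, year=2024):
    """Return (ip, first_seen, last_seen, sorted_usernames) alerts.

    One alert per burst: after firing, the IP's counters are reset, so a
    sustained attack yields one alert per `threshold` failures, not one per line.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # ip -> timestamps of failures inside the window
    users = defaultdict(set)         # ip -> usernames tried in the current burst
    alerts = []
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue                 # not an event this rule cares about
        ts, ip = parse_ts(m.group("ts"), year), m.group("ip")
        q = recent[ip]
        q.append(ts)
        users[ip].add(m.group("user"))
        while ts - q[0] > window:    # slide the window forward, dropping stale entries
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ip, q[0], ts, sorted(users[ip])))
            q.clear()
            users[ip].clear()
    return alerts


# Constructed sample log: one noisy source, one legitimate user with two typos.
SAMPLE_LOG = [
    "Jan 12 10:00:01 bastion sshd[2201]: Failed password for root from 203.0.113.5 port 40122 ssh2",
    "Jan 12 10:00:03 bastion sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 40124 ssh2",
    "Jan 12 10:00:04 bastion sshd[2205]: Accepted publickey for deploy from 198.51.100.7 port 50110 ssh2",
    "Jan 12 10:00:06 bastion sshd[2207]: Failed password for root from 203.0.113.5 port 40130 ssh2",
    "Jan 12 10:00:09 bastion sshd[2209]: Failed password for invalid user oracle from 203.0.113.5 port 40131 ssh2",
    "Jan 12 10:00:10 bastion sshd[2211]: Failed password for alice from 198.51.100.7 port 50112 ssh2",
    "Jan 12 10:00:12 bastion sshd[2213]: Failed password for root from 203.0.113.5 port 40140 ssh2",
    "Jan 12 10:20:00 bastion sshd[2301]: Failed password for alice from 198.51.100.7 port 50113 ssh2",
]

if __name__ == "__main__":
    for ip, first, last, who in correlate(SAMPLE_LOG):
        print(f"ALERT {ip}: {len(who)} users {who} between {first.time()} and {last.time()}")
    # ALERT 203.0.113.5: 3 users ['admin', 'oracle', 'root'] between 10:00:01 and 10:00:12
```

The window is what separates an alert from noise: alice's two failures twenty minutes apart never accumulate, while the five failures from 203.0.113.5 inside eleven seconds do. Tightening the window (or raising the threshold) trades missed slow attacks for fewer false positives, which is the knob every tool in this section exposes under some name.

Network forensics and packet analysis tools

Term | Definition |
---|---|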
Kippo | a medium-interaction SSH honeypot, commonly used to lure attackers and record their sessions in order to understand their methodology and thereby reduce the risk of attack. |
Wireshark | a GUI network protocol analyzer that lets you interactively browse packet data from a live network or from a previously saved capture file. Its native capture file format is libpcap, which is also the format used by tcpdump and various other tools. |
SteelCentral Packet Analyzer | packet analysis and reporting with GUI. identifies and troubleshoots network and application performance issues down to the bit level through its integration with Wireshark |
Tcpdump | a command line packet analyzer that prints out the contents of packets. The -w flag saves the packet data to a file for later analysis, and the -r flag reads from a saved packet file rather than from a network interface. |
WinDump | the Windows version of tcpdump, the command line network analyzer for UNIX. WinDump is fully compatible with tcpdump and is used to watch, diagnose, and save to disk network traffic according to various complex rules. |
Capsa | a portable network analyzer for both LAN and WLAN that performs packet capturing, network monitoring, advanced protocol analysis, in-depth packet decoding, and automatic expert diagnosis. |
OmniPeek | provides real-time visibility and analysis of the network from a single interface, including Ethernet, Gigabit, 10 Gigabit, 802.11a/b/g/n wireless, VoIP, and video, out to remote offices. It uses a "top-down" approach to visualize network conditions. |
Observer | used for troubleshooting in a network. It has features such as expert analysis, VoIP tools, in-depth application analysis, connection dynamics, stream reconstruction, and more, in addition to offering support for SNMP and RMON device management. |
Colasoft Packet Builder | enables creating custom network packets; users can use this tool to check the network's protection against attacks and intruders. Besides common hex editing of raw data, it features a decoding editor that allows editing specific protocol field values. |
RSA NetWitness Investigator | captures live traffic and processes packet files from virtually any existing network collection device for analysis. It can locally process packet files and record in real time from a network tap or span port. |
Ace Password Sniffer | a password recovery utility that captures forgotten passwords. It is used to monitor web activities and password abuse. |
IPgrab | a verbose packet sniffer for UNIX hosts. |
Big Mother | a switch sniffer requiring zero configuration, used as an internet activity monitoring tool. It is an eavesdropping program that uses a switch sniffer to capture and analyze communication traffic over a network. |
EtherDetect Packet Sniffer | a sniffing tool that can capture full packets organized by TCP connections or UDP threads and passively monitor the network, without any program installations on target PCs. |
dsniff | a tool for network auditing and penetration testing. passively monitors a network for data, passwords, e-mail, files, etc. Further, arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker. |
EffeTech HTTP Sniffer | an HTTP packet sniffer, protocol analyzer, and file reassembly tool for the Windows platform. Unlike most other sniffers, it dedicates itself to capturing IP packets carrying the HTTP protocol. |
Ntopng | a network traffic probe that shows network usage, similar to what the popular top Unix command does. It is based on libpcap, and it runs on every Unix platform, Mac OS X, and Windows. |
Ettercap | a comprehensive suite for man-in-the-middle attacks. The tool features sniffing of live connections, content filtering on the fly, and spoofing. |
SmartSniff | a network monitoring utility that captures TCP/IP packets that pass through the network adapter and displays the captured data as a sequence of conversations between clients and servers. |
EtherApe | a graphical network monitor for UNIX modeled after etherman. The tool features link layer, IP and TCP modes, and graphically displays network activity. |
Network Probe | a network monitor and protocol analyzer for monitoring network traffic. It can find the sources of any network slowdowns. |
WebSiteSniffer | a packet sniffer tool that captures all website files downloaded by the web browser while browsing the Internet and stores them on your hard drive under the base folder that you choose. It allows users to capture any required type of website file. |
ICQ Sniffer | a network utility that can capture and log ICQ chat from computers within the same LAN. It supports messaging through ICQ server with format of plain text, RTF, or HTML. |
MaaTec Network Analyzer | a tool that allows capturing, saving, and analyzing network traffic on a LAN or a DSL internet connection. |
Alchemy Eye | monitors network server availability and performance. It supports over 50 monitoring types, including ICMP ping, NT Event Log monitoring, HTTPS/FTP URL checking, and free disk space monitoring, and notifies the network admin about server malfunction events. |
CommView | a network monitor and analyzer designed for LAN administrators, security professionals, network programmers, home users, and anyone who wants a full picture of the traffic flowing through a PC or LAN segment. |
NetResident | a network content analysis application designed to monitor, store, and reconstruct network events and activities, such as e-mail messages, web pages, downloaded files, instant messages, and VoIP conversations. |
Kismet | a wireless network detector, sniffer, and intrusion detection system. Kismet works predominately with Wi-Fi networks |
AIM Sniffer | a network utility to capture and log AOL Instant Messenger chat from computers within the same LAN. The tool supports messaging through AOL Instant Messenger server and direct connection messaging. |
NetworkMiner | a Network Forensic Analysis Tool for Windows/Linux/Mac OS X/FreeBSD used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports, etc., without placing any traffic strain on the network. |
Deep Log Analyzer | a web analytics solution for small and medium-sized websites. It analyzes website visitors' behavior and produces complete website usage statistics in easy steps. |
AWStats | a graphical tool that generates web, streaming, FTP or mail server statistics. |
Nagios Log Server | a Centralized Log Management, Monitoring and Analysis Software. It simplifies the process of searching your log data. |
Web Log Storming | a web server log file analyzer (IIS, Apache, and Nginx) for Windows. |
LogCruncher | a tool for analysis and data visualization of web server log files. It allows the user to see and understand the website analytics based on key metrics. |
GoAccess | an open source real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser. It provides HTTP statistics |
Active LogView | a log analysis program that provides analysis of total requests, unique visits, advanced referrers list, hourly summary, user agents list, OS list, advanced filtration, advanced search and more. |
Webalizer | a web server log file analysis program. It produces detailed, configurable usage reports in HTML format, for viewing with a standard web browser. |
Sobolsoft | an online whois lookup tool. |
Network-Tools.com | an online tool used to perform whois lookup on a target website. |
SQL Server Management Studio (SSMS) | an integrated environment for accessing, configuring, managing, administering, and developing all components of SQL Server and Azure SQL Database. |
Magnet IEF | used to find, analyze and report on digital evidence from computers, smartphones, and tablets. |
DiskPulse | intercepts file system change notifications issued by the operating system and detects newly created files, modified files, deleted files and renamed files. |
Directory Monitor | can be used by the investigators for the surveillance of certain directories and network shares and will notify the investigator of file changes/access, deletions, modifications, and new files in real-time. |
RAM Capturer | allows an investigator to reliably extract the entire contents of a computer's volatile memory to the required drive, even if it is protected by an active anti-debugging or anti-dumping system. |
HxD | a hex editor that allows users to edit and modify the raw binary content of a file or a disk of any size. |
WebBrowserPassView | a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0), Mozilla Firefox, Google Chrome, Safari, and Opera. |
What Changed | a system utility that scans for modified files and registry entries on Google Drive. It is useful for checking program installations. |
UFED Cloud Analyzer | a tool that provides forensic practitioners with instant extraction, preservation, and analysis of private social media accounts (Facebook, Twitter, Kik, Instagram), file storage, and other cloud-based account content that can help speed investigations. |
Crypter | a software program that can conceal the existence of malware. Attackers use this software to elude antivirus detection. |
screen capture tools | Snagit, Jing, Camtasia, Ezvid |
Anubis | a tool for analyzing the behavior of Windows PE-executables, with a focus on malware analysis. It generates a report file that contains enough information about the purpose and the actions of the analyzed binary. |
HijackThis | a utility that generates an in-depth report of registry and file settings from the computer. It makes no separation between safe and unsafe settings in its scan results, giving the user the ability to selectively remove items from the machine. |
File Checksum Integrity Verifier (FCIV) | a command prompt utility that generates and verifies hash values of files using the MD5 or SHA-1 algorithms. |
Tripwire Enterprise | a tool for assessing IT configurations and detecting, analyzing and reporting on change activity across IT infrastructure. It can monitor servers, desktops, directory servers, hypervisors, databases, middleware applications and network devices. |
Kernel for PST Recovery | enables repair of corrupted PST files and recovery of all email items from them. |
MxToolBox Email Header Analyzer | This tool will make email headers human readable by parsing them according to RFC 822. |
Wise Data Recovery | a data recovery program to get back deleted photos, documents, videos, emails etc. from your local or removable drives for free. |
ViaExtract | used to bypass the phone lock mechanism imposed by mobile devices. |
IExplorer | helps the investigator bypass the passcode of the iPhone. This process helps the investigator in gaining access to the var/KeyChains root directory and helps delete the keychain that has the information regarding the passcode. |
OneClickRoot and Kingo | utilities that allow users to root their Android mobile devices without having a good understanding of their firmware and kernel. |
Towelroot | an app that provides one-click root for most existing and popular Android smartphones. |
RescuRoot | a one-click utility to root most Android mobile devices from the brands Samsung, HTC, Motorola, LG, and Sony Ericsson. |
Pangu | a jailbreak tool that allows the user to jailbreak iOS devices by running the click-to-jailbreak app; the jailbreak is removed by rebooting the iOS device. |
RedSn0w | allows the investigator to jailbreak an iPhone, iPod Touch, or iPad running a variety of firmware versions. |
Sn0wbreeze | a jailbreak application developed by iH8sn0w for Apple devices running on iOS such as iPhone, iPad, and iPod Touch. |
GeekSn0w | a free tool developed by Andrea Bentivegna for jailbreaking iPhones running on iOS 7.1. It is available only for Windows OS |
MOBILedit Forensic | allows the analyst to view, examine, or recover complete data from the mobile device and the SIM. |
Scalpel | a file-carving and indexing application that runs on Linux and Windows-based machines. It is an open-source package for recovering deleted data, initially based on an earlier carving tool but significantly more efficient. |
Lantern | allows the user to parse and triage a Mac running OSX or a Mac OSX image and allows for data extraction, analysis, and auditing. |
Aceso | a sound data extraction utility for mobile phones, GPS devices, SIM, and media cards |
Athena | enables the investigator to extract and process communication and positioning information from GPS, satellite handsets, phones, and other portable devices. |
iXAM | used for mobile forensics investigation to provide any information from a stored contact or text message to an email, photograph, or specific map location. |
Active@ Password Changer | used to reset forgotten or lost admin passwords, or any other passwords. |
Stellar Phoenix | Mac data recovery software that recovers documents, photos, music, or videos lost due to deletion from any HFS, HFS+ (Mac), FAT, exFAT, or NTFS file system. |
wevtutil | a tool that enables you to retrieve information about Windows 10 event logs and publishers. You can also use this command to install and uninstall event manifests, run queries, and export, archive, and clear logs. |
Webscarab and Paros | tools for MITM attacks used for parameter/form tampering. |
Cheops-ng | a network management tool for mapping and monitoring your network. It has host/network discovery functionality as well as OS detection of hosts, and it has the ability to probe hosts to see what services they are running. |
netcat | reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. |
PsTools | a Microsoft command-line toolset for performing administrative tasks. |
Trojans | a non-replicating infection that is used to control parts of a computer; some are rootkits. |
netcraft | a browser extension allowing easy site lookup and OS information, and providing protection from phishing and malicious JavaScript. |
Nmap | Network Mapper - a free and open-source network scanner |
GetAdmin | an executable file that helps determine if a particular file is a legitimate Windows process or a virus. |
Auditpol | a command-line utility to configure and manage audit policy settings from an elevated command prompt |
www.attentionmeter.com | compares website traffic from hosts of different sources and provides traffic data and graphs on it. |
EDGAR_Database | sources for competitive intelligence |
LexisNexis | sources for competitive intelligence |
Hoovers | sources for competitive intelligence |
Business_Wire | sources for competitive intelligence |
SEC_Info | company plans and financials |
Experian | company plans and financials |
Market_Watch | company plans and financials |
Wall_Street_Monitor | company plans and financials |
Euromonitor | company plans and financials |
Black_Widow | scans websites (it's a site ripper). It can download an entire website or portions of a site, can build a site structure first, and can download any and all kinds of files. Web mirroring tool. |
GSA_Email_Spider | a spider that collects and compiles e-mails, phone and fax numbers from websites around the world using the keywords you enter. |
Ncollector_Studio | downloads a complete website so it can be browsed offline, or crawls the website for specific files/images/videos. |
GNU_Wget | retrieves content from web servers. It is part of the GNU Project. Web mirroring |
SiteDigger | uses Google hack searches and other methods to dig up information and vulnerabilities |
Metagoofil | uses Google hacks and cache to find unbelievable amounts of information hidden in the meta tags of publicly available documents. |
Burp_Suite | an integrated platform for performing security testing of web applications. It allows you to grab headers and cookies, and learn connection status, content type, and web server information. |
Firebug | allows you to grab headers and cookies, and learn connection status, content type, and web server information. |
Website_Informer | allows you to grab headers and cookies, and learn connection status, content type, and web server information. |
HTTrack | web mirroring |
WebRipper | web mirroring |
Teleport_Pro | web mirroring |
Backstreet_Browser | web mirroring |
Wayback_Machine | keeps snapshots of sites from days gone by, allowing you to go back in time to search for lost information |
Google_Cache | keeps snapshots of sites from days gone by, allowing you to go back in time to search for lost information |
Website_Watcher | can be used to check web pages for changes, automatically notifying you when there’s an update. |
www.emailtrackerpro.com | email tracking tools. |
www.mailtracking.com | email tracking tools. |
GetNotify | email tracking tools. |
ContactMonkey | email tracking tools. |
Yesware | email tracking tools. |
Read_Notify | email tracking tools. |
WhoReadMe | email tracking tools. |
MSGTAG | email tracking tools. |
Trace_Email | email tracking tools. |
Zendio | email tracking tools. |
www.spoofcard.com | offers the ability to change what someone sees on their caller ID display when they receive a phone call from you. Can disguise voice. |
nslookup | query dns servers. |
ls -d | zone transfer command in nslookup; pulls every record from the DNS server. |
dig | an advanced DNS lookup tool. Syntax: dig @server name type |
Visual Trace (NeoTrace), Trout, and VisualRoute | examples of applications that use traceroute/tracert information to build a visual map, showing geographical locations as well as technical data. |
Recon-ng | not intended to compete with existing frameworks, as it is designed exclusively for web-based, open-source reconnaissance. |
Maltego | software used for open-source intelligence and forensics. It is useful during the information-gathering phase of all security-related work |
Netscan | packet-crafting tools |
Ostinato | packet-crafting tools |
WAN Killer | packet-crafting tools |
Packeth | packet-crafting tools |
LAN_Forge_FIRE | packet-crafting tools |
Colasoft's Packet Builder | a packet-crafting tool with three views: Packet List, Decode Editor, and Hex Editor. |
CurrPorts | lists all currently opened TCP/IP and UDP ports on your local computer, along with the process that opened each port: the process name, full path, version, the time it was created, and the user who created it. |
Angry_IP_Scanner | a well-known scanning tool; a lot of antivirus programs consider it a virus. |
SolarWinds_Engineer_Toolset | scanning tool |
Network_Ping | scanning tool |
OPUtils | scanning tool |
Advanced_IP_Scanner | scanning tool |
Pinkie | scanning tool |
SuperScan | a scanning tool with an intuitive front-end interface, providing ping sweeps and port scans against individual systems or entire subnets. |
NetScan_Tools_Pro | a scanning tool with four sets of tools: Active Discovery and Diagnostic (testing/locating devices), Passive Discovery (monitoring activities of devices and gathering information), DNS, and Local Computer and General Information (details about the local system). |
Hping_(Hping2_or_Hping3) | a powerful command-line tool for both ping sweeps and port scans, and also a handy TCP/IP packet-crafting tool for Windows and Linux. |
IP_Scanner_(10base-t.com) | mobile scanners |
Fing | mobile scanners |
Hackode | mobile scanners |
zANTi | mobile scanners |
PortDroid_Network_Analysis | mobile scanners |