Cyber ​​incident response tools for Ethical Hackers and Penetration Testers

Here you can find the complete list of cyber incident response tools.

All in one Incident Response Tools

• Belkasoft Evidence Center
• CimSweep
• CIRTkit
• Cyber ​​Triage
• Doorman
• Envdb
• Falcon Orchestrator
• GRR Rapid Response
• Kolide Fleet
• Limacharlie
• MIG
• MozDef
• nightHawk
• Open Computer Forensics Architecture
• Osquery
• Redline
• The Sleuth Kit & Autopsy
• TheHive
• X-Ways Forensics
• Zentral

books

• Dfir intro
• The Practice of Network Security Monitoring: Understanding Incident Detection and Response

Communities

• Sans DFIR mailing list
• Slack DFIR channel  //  Signup here

Disk image creation tools

• AccessData FTK Imager
• Bitscout
• GetData Forensic Imager
• Guymager
• ACQUIRE Magnet

Collection of evidence

• bulk_extractor
• Cold Disk Quick Response
• ir-rescue
• Live Response Collection

Incident management

• Cyphon
• Demisto
• FIR
• RTIR
• SCOT
• threat_note

Linux distributions

• A DAY
• CAINE
• CCF-VM
• DEFT
• NST - Network Security Toolkit
• PALADIN
• Security Onion
• SIFT Workstation

Collection of Linux evidence

• FastIR Collector Linux

Registry analysis tools

• Lorg

Memory analysis tools

• Evolve
• inVtero.net
• KnTList
• LiME
• Memoryze
• Memoryze for Mac
• Rekall
• Reply PRO
• Volatility
• VolatilityBot
• VolDiff
• WindowsSCOPE

Memory image tools

• Belkasoft Live RAM Capturer
• Linux Memory Grabber
• Magnet RAM Capture
• OSForensics

OSX Evidence Collection

• Knockknock
• mac_apt - macOS Artifact Parsing Tool
• OSX Auditor
• OSX Collector

Other lists

• List of various Security APIs

Other tools

• Cortex
• Crits
• domfind
• DumpsterFire
• Fenrir
• Fileintel
• HELK
• Hindsight
• Hostintel
• imagemounter
• Kansa
• track2r
• RaQet
• Stalk
• SearchGiant
• Stenographer
• sqhunter
• traceroute-circl
• X-Ray 2.0

Playbooks

• Demisto Playbooks Collection
• IRM
• IR Workflow Gallery
• PagerDuty Incident Response Documentation  //  GitHub .

Process Dump

• Microsoft User Mode Process Dumper
• PMDump

Sandboxing / reversing

• Cuckoo
• Cuckoo-modified
• Cuckoo-modified-api
• Hybrid-Analysis
• Malwr
• Mastiff
• Metadefender Cloud
• Viper
• Virustotal
• Visualize_Logs

Timeline tools

• Highlighter
• Morgue
• Plaso
• Timesketch

Collection of Windows evidence

• AChoir
• Binaryforay  // ( http://binaryforay.blogspot.co.il/ )
• Crowd Response
• FastIR Collector
• FECT
• Fibratus
• IOC Finder
• Fidelis ThreatScanner
• LOKI
• Panorama
• PowerForensics
• PSRecon
• RegRipper
• TRIAGE-IR

Credits

This list is created with the help of Penetration Testers and Security Analysts.

All the information provided in this medium is for educational purposes, in no case is any responsible for any misuse of the information. All information is for the development and investigation of computer security methods.