Saturday, June 18, 2005

Current Incident Response Toolkit

I have finally compiled my latest IR Toolkit list, based on the list layout from Scott F. in the ISC diary (mentioned in a previous post below). I carry several customized bootable CDs with me. My primary CD is Helix, with all of the tools listed below added to its bin folder so they are available from the custom command prompt; I also carry the Auditor, Whoppix, and Knoppix CDs. I expect to update my toolkit soon to include the MS Debugging Tools once I become more familiar with them. VMware is my testing platform of choice, and my backup DVD contains several custom installs of WinXP Pro and Win2003 Server with different-sized OS drives (so dd'ing them doesn't take forever). I need to go back and modify those environments so they can do memory dumps for analysis, as mentioned in Harlan Carvey's blog. Note: McAfee is licensed under my employer's contract, and Ad-Aware is not freely licensed for academic use.

Adware & Spyware Tools
|-- Ad-Aware SE Personal - 1.06r1
|-- BHO Demon - 2.0.0.22
|-- CWShredder - 2.15
|-- HijackThis - 1.99.1
|-- Microsoft Windows AntiSpyWare - 2/16/2005 Beta
|-- Spybot Search and Destroy - 1.4

Antivirus Tools
|-- McAfee CleanBoot - 1.0
|-- McAfee Stinger - 2.5.4
|-- McAfee VirusScan Enterprise - 8.0i
|-- Microsoft Malware Removal Tool - 1.4

Incident Response Toolkit
|-- DiamondCS CmdLine - 1.0
|-- DiamondCS OpenPorts - 1.0
|-- FoundStone BinText - 3.0
|-- FoundStone Forensic Toolkit - 2.0
|-- FoundStone Fport - 2.0
|-- FoundStone Galleta - 1.0
|-- FoundStone Pasco - 1.0
|-- FoundStone Rifiuti - 1.0
|-- FoundStone ScanLine - 1.01
|-- FoundStone ShoWin - 2.0
|-- FoundStone SuperScan - 4.0
|-- Heysoft LADS - 4.0
|-- Inetcat.org NBTScan - 1.5.1
|-- myNetWatchman SecCheck
|-- NetCat - 1.1
|-- NirSoft CurrPorts - 1.05
|-- NirSoft CurrProcess - 1.10
|-- NirSoft StartupRun - 1.22
|-- NTSecurity.nu PMDump - 1.2
|-- SysInternals AccessEnum - 1.2
|-- SysInternals AutoRuns - 7.01
|-- SysInternals Contig - 1.52
|-- SysInternals DiskView - 2.0
|-- SysInternals FileMon 9x,NT,x64,IA64 - 7.0
|-- SysInternals Hex2dec
|-- SysInternals ListDLLs - 2.25
|-- SysInternals Page Defrag - 2.3
|-- SysInternals ProcessExplorer 9x,NT,x64 - 9.11
|-- SysInternals PS Tools - 2.15
|-- SysInternals RegMon 9x,NT,x64,IA64 - 7.0
|-- SysInternals Rootkit Revealer - 1.4
|-- SysInternals Sdelete - 1.4
|-- SysInternals ShareEnum - 1.6
|-- SysInternals Sync - 2.2
|-- SysInternals Sigcheck - 1.2
|-- SysInternals Strings - 2.1
|-- SysInternals TCPView - 2.4
|-- Red Cliff Web Historian - 1.1
|-- Sam Spade - 1.14
|-- Tigerteam.se SBD (encrypted netcat) - 1.36
|-- UnxUtils - 04-14-03
|-- Windows Forensic Toolchest (WFT) - 2.0

Security Tools
|-- Ethereal - 0.10.11
|-- Nmap - 3.81
|-- MS Baseline Security Analyzer - 1.2.1
|-- Putty - 0.58
|-- WinDump - 3.8.3 beta
|-- WinPcap - 3.1 beta 4
|-- WinSCP - 3.7.5 beta
