In order to perform a forensic analysis you need access to several forensic tools. It is best to become familiar with them before the incident to ensure that you don't make any irrecoverable mistakes.

Network Capture/Analysis


  • Wireshark
  • Network Miner
  • Argus/RA
  • TCPDump
  • WinDump
  • Tcpdstat

Hard Drive Capture/Analysis

Network Analysis/Capture

  • Netcat
  • Netstat
  • Nbtstat
  • Sys Internals
  • Wireshark
  • NetworkMiner
  • Argus/RA
  • TCPDump
  • WinDump
  • Tcpdstat
  • winhash
  • SHA-1

Hard Drive Analysis/Capture

  • uname -a
  • cat /proc/version
  • hostname
  • ifconfig
  • date
  • netstat -aunt
  • netstat -tulnp
  • w
  • netstat -rn
  • route
  • ps aux
  • service --status-all
  • ps -Al
  • crontab
  • lsof
  • lsmod
  • gcore
  • dd
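The command list above is the volatile-data part of a Linux live response; the script below is an added example (not from the original page) that runs those commands most volatile first, writes each result to its own file and records a SHA-1 manifest so the capture can be verified later. It assumes a POSIX shell with coreutils (sha1sum) and treats tools missing from the host as something to note and skip; gcore and dd are acquisition steps with their own targets and are left out.

```shell
# Added example (not from the original page): run the live-response commands
# listed above, most volatile first, save each result to its own file and
# write a SHA-1 manifest for later verification. Assumes a POSIX shell with
# coreutils (sha1sum); missing tools are noted and skipped. gcore/dd omitted.
# "crontab" must be run with -l: a bare "crontab" reads a new table from stdin
# and would replace the one being examined.
VOLATILE_COMMANDS='
date
uname -a
cat /proc/version
hostname
ifconfig
netstat -aunt
netstat -tulnp
netstat -rn
route
w
ps aux
ps -Al
lsof
lsmod
crontab -l
service --status-all
'

# collect_volatile OUTDIR: capture each command to OUTDIR/NN_command.txt,
# write OUTDIR/manifest.sha1 and print the number of artefacts captured.
collect_volatile() {
    outdir=$1
    mkdir -p "$outdir"
    n=0
    while read -r cmd; do
        [ -z "$cmd" ] && continue
        n=$((n + 1))
        name=$(printf '%s' "$cmd" | tr -c 'A-Za-z0-9' '_')
        out=$(printf '%s/%02d_%s.txt' "$outdir" "$n" "$name")
        if command -v "${cmd%% *}" >/dev/null 2>&1; then
            # stdin from /dev/null so no tool can swallow the rest of the
            # command list; a non-zero exit is recorded, not fatal.
            $cmd </dev/null >"$out" 2>&1 || echo "[exit status $?]" >>"$out"
        else
            echo "[${cmd%% *} not installed on this host]" >"$out"
        fi
    done <<EOF
$VOLATILE_COMMANDS
EOF
    # Hash every artefact so later analysis can show nothing was altered.
    (cd "$outdir" && sha1sum ./*.txt) >"$outdir/manifest.sha1"
    echo "$n"
}
```

Run it as `collect_volatile /mnt/evidence/host01` from a shell on the live system, then copy the directory off and check it with `sha1sum -c manifest.sha1` before analysis.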

Tips

Find a variety of tools that you like. Make sure to learn them well enough that you understand when to use them and why.