In order to perform a forensic analysis you need access to several forensic tools. It is best to become familiar with them before the incident to ensure that you don't make any irrecoverable mistakes.

Network Capture/AnalysisEdit

  • Wireshark</li></li>
  • Network Miner</li></li>
  • Argus/RA</li></li>
  • TCPDump</li></li>
  • WinDump</li></li>
  • Tcpdstat</li>

    Hard Drive Capture/AnalysisEdit

    Network Analysis/Capture

      • Netcat
      • Netstat
      • Nbtstat
      • Sys Internals
      • Wireshark
      • NetworkMiner
      • Argus/RA
      • TCPDump
      • WinDump
      • Tcpdstat
      • winhash
      • SHA-1

    Hard Drive Analysis/Capture

      • Uname –a
      • Cat /proc/version
      • Hostname
      • Ifconfig
      • Date
      • Netstat –aunt
      • Netstat –tulnp
      • W
      • Netstat –rn
      • Route
      • Ps aux
      • Service –status-all
      • Ps –Al
      • Crontab
      • Lsof
      • Lsmod
      • Gcore
      • dd


    Find a variety of tools that you like. Make sure to learn them well enough that you understand when to use them and why </li>

  • Ad blocker interference detected!

    Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

    Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.