Incident Response Toolkit

Developer: AccessData
Description: FTK is a commercial forensic analysis tool used for disk imaging, file analysis, and evidence management. It provides capabilities for data carving, email analysis, and comprehensive case management.
Key Features:
- File System Analysis: Examines file systems and recovers deleted files.
- Data Carving: Extracts data from unallocated space.
- Email Analysis: Supports various email formats for investigation.
- Built-in Viewer: Allows viewing of various file types and metadata.
Cost: Commercial (not free, but a demo version may be available).

Developer: FireEye
Description: Redline is a free tool for memory and file analysis used to investigate security incidents. It focuses on analyzing volatile data from endpoints and provides detailed information on system activity.
Key Features:
- Memory Analysis: Extracts and analyzes data from memory dumps.
- File Analysis: Investigates file system artifacts and indicators of compromise (IOCs).
- System Scan: Collects and analyzes a snapshot of the endpoint.
- Malware Detection: Helps identify and analyze suspicious files and processes.
Cost: Free.

Developer: Cyber Triage, LLC
Description: Cyber Triage is a tool designed for digital forensic and incident response investigations. It provides a user-friendly interface for collecting and analyzing evidence, including file system data, memory dumps, and system artifacts.
Key Features:
- Evidence Collection: Collects data from endpoints and analyzes it.
- File and Memory Analysis: Analyzes file systems and memory dumps for forensic evidence.
- Reporting: Generates detailed reports on findings.
- Ease of Use: Designed to be user-friendly for both experienced and less experienced investigators.
Cost: Offers a free version with limited functionality; full version is commercial.

Last updated 10 months ago

Developer: AccessData
Description: FTK is a commercial forensic analysis tool used for disk imaging, file analysis, and evidence management. It provides capabilities for data carving, email analysis, and comprehensive case management.
Key Features:
- File System Analysis: Examines file systems and recovers deleted files.
- Data Carving: Extracts data from unallocated space.
- Email Analysis: Supports various email formats for investigation.
- Built-in Viewer: Allows viewing of various file types and metadata.
Cost: Commercial (not free, but a demo version may be available).

Developer: FireEye
Description: Redline is a free tool for memory and file analysis used to investigate security incidents. It focuses on analyzing volatile data from endpoints and provides detailed information on system activity.
Key Features:
- Memory Analysis: Extracts and analyzes data from memory dumps.
- File Analysis: Investigates file system artifacts and indicators of compromise (IOCs).
- System Scan: Collects and analyzes a snapshot of the endpoint.
- Malware Detection: Helps identify and analyze suspicious files and processes.
Cost: Free.

Developer: Cyber Triage, LLC
Description: Cyber Triage is a tool designed for digital forensic and incident response investigations. It provides a user-friendly interface for collecting and analyzing evidence, including file system data, memory dumps, and system artifacts.
Key Features:
- Evidence Collection: Collects data from endpoints and analyzes it.
- File and Memory Analysis: Analyzes file systems and memory dumps for forensic evidence.
- Reporting: Generates detailed reports on findings.
- Ease of Use: Designed to be user-friendly for both experienced and less experienced investigators.
Cost: Offers a free version with limited functionality; full version is commercial.

Last updated 10 months ago