Incident Response Tools
Incident Response Tools for Malware Analysts
1. Network Monitoring and Analysis
Wireshark: A widely used network protocol analyzer that captures network traffic and lets you interactively inspect and filter it down to individual packets and protocol fields.
TCPDump: A command-line packet analyzer for network troubleshooting and analysis.
Zeek (formerly Bro): A powerful network monitoring framework that provides real-time traffic analysis and security monitoring.
2. Endpoint Analysis
Sysinternals Suite: A collection of system utilities for monitoring and analyzing Windows systems, including tools like Process Explorer and Autoruns.
OSForensics: Offers a free version that provides tools for forensic analysis, including file and memory analysis.
3. Forensics and Memory Analysis
Volatility: An open-source framework for memory forensics that helps analyze memory dumps and extract valuable information.
Rekall: An open-source memory analysis tool for forensic investigations, similar to Volatility; note that the project is no longer under active development.
4. Log Analysis and Management
ELK Stack (Elasticsearch, Logstash, Kibana): A powerful open-source suite for log collection, storage, and visualization.
Graylog: An open-source log management tool that provides real-time log analysis and monitoring.
5. Malware Analysis
Cuckoo Sandbox: An open-source automated malware analysis system that executes and analyzes suspicious files in an isolated virtual machine and reports their behavior; the original project is no longer actively maintained.
Hybrid Analysis: A free online service that analyzes files and URLs for malicious behavior.
6. File and Data Recovery
Autopsy: A digital forensics platform and graphical interface for The Sleuth Kit (TSK), used for data recovery and forensic investigations.
TestDisk: An open-source tool for data recovery and partition repair.
7. Incident Response Management
TheHive: An open-source incident response platform that helps manage and collaborate on security incidents.
Cortex: A complementary tool to TheHive, providing analysis and enrichment of observables.