Tools - Security and Forensics
Free and inexpensive tools – Security and Forensics
A variety of links to online tools and downloads for Linux and Windows are listed here. As with all software, please make your own judgment about the usefulness or serviceability of these programs for any particular purpose. No warranty or endorsement is expressed or implied of the software or of the site hosting them by their inclusion here. PLEASE do not use these tools unless you have authority or permission. This is a world where “just looking around” could be a serious criminal offence.
Firewall
- pfSense
Intrusion Detection
- Snort
- Suricata
- Bro IDS
Linux
Linux is the operating system of choice for much of the forensic community.
Linux – Security Onion
“Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring). It’s based on Ubuntu and contains Snort, Suricata, Sguil, Squert, Snorby, Bro, NetworkMiner, Xplico, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!” (https://code.google.com/p/security-onion/)
https://code.google.com/p/security-onion/wiki/Installation
Network Discovery
- Nmap
- Skipfish
- Ipscan
- Umit – uses Nmap as its backend
Packet Analysis
- Wireshark
- Tshark – command-line version of Wireshark
- TCPdump
- nGREP
- Cloudshark
- LANGuardian
Penetration testing tools
- Pentoo
- NodeZero
- Kali
- BackBox
Registry
- fred (Forensic Registry Editor) – for Linux and Windows
https://www.pinguin.lu/index.php
Security Information and Event Management (SIEM)
- OSSIM – with intrusion detection
- Security Onion – with intrusion detection
Undelete and File Recovery
- Recuva – Windows. Most files still exist (at least partially) long after they are deleted.
http://www.piriform.com/recuva/download
Vulnerability Scanning
- OpenVAS
- Nessus – closed project – based off OpenVAS