Program Sites

There are a great many sites on the Internet that provide freely available tools that are very well suited for incident response and forensic activities. When downloading tools for use from these sites, be sure to read the licensing information. Some sites will provide their tools completely free, while others may provide them free for personal use but require a nominal fee for corporate or business use.

DiamondCS (http://www.diamondcs.com.au) provides anti-Trojan and anti-worm tools, along with some very good freeware tools such as openports.exe and cmdline.exe. Be sure to read the licensing information for these tools.

NTSecurity.nu (http://www.ntsecurity.nu) provides such tools as gplist.exe, klogger.exe, and macmatch.exe, ...
