FIRST.Org

Behavioral Analysis

ProcMon (Process Monitor)

Tool: ProcMon (Process Monitor)
URL: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
Cost: Free
Target: Windows
Description:
- an advanced monitoring tool for Windows that shows real-time activity for
  - file system
  - Registry
  - process/thread activity
- adds an extensive list of enhancements:
  - rich and non-destructive filtering
  - comprehensive event properties such as session IDs and user names
  - reliable process information
  - full thread stacks with integrated symbol support for each operation
  - simultaneous logging to a file
  - and much more
useful for:
- analyzing which processes are running
- file access
- registry access
similar Tools:

Wireshark

Tool: Wireshark
URL: https://www.wireshark.org/
Cost: Free
Target: no specific OS - general network analyzer
Description:
- analyze and display network capture files
- adaptive filtering possibilities
- understands a lot of network protocols (HTTP, SMB, Modbus, ...)
- huge community improving the software
useful for:
- analyzing network traffic
- generating statistics (top talkers, conversations, used protocols, ...)
- detailed analysis of TCP/UDP streams and packets
similar Tools: NetworkMiner

NetworkMiner

Tool: NetworkMiner
URL: NetworkMiner - The NSM and Network Forensics Analysis Tool
Cost: Free, commercial Pro version available
Target: no specific OS - general network analyzer
Description:
- analyze and display network capture files
- extract data:
  - hosts, OS fingerprinting
  - files (images, HTML files, ...)
  - DNS queries and responses
  - SSL certificate information (Subject, Issuer, Serial, ...)
useful for:
- analyzing network traffic
- extracting data from streams (files, images, video streams, ...)
similar Tools: Wireshark

ProcessHacker

Tool: ProcessHacker
URL: https://github.com/winsiderss/systeminformer (A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com)
Cost: Free
Target: Windows
Description:
- a free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware
useful for:
- monitoring system resources, debugging software and detecting malware
- accessing memory regions of fileless malware
similar Tools: ProcMon

FakeNet

Tool: FakeNet
URL: https://github.com/mandiant/flare-fakenet-ng ([Suspended] FakeNet-NG - Next Generation Dynamic Network Analysis Tool)
Cost: Free
Target: Windows and Linux
Description:
- a next generation dynamic network analysis tool for malware analysts and penetration testers
useful for:
- faking an Internet connection so that malware can execute its outbound connections
similar Tools: InetSim

Process Explorer

Tool: Process Explorer
URL: Process Explorer - Windows Sysinternals | Microsoft Docs
Cost: Free
Target: Windows
Description:
- shows details about currently running processes:
  - accessed files or directories
  - which handles or DLLs are opened or loaded
useful for:
- analyzing which processes are running
- which DLLs are loaded
- which files are accessed by a running process
similar Tools:

RegShot

Tool: RegShot
URL: regshot download | SourceForge.net
Cost: Free
Target: Windows
Description:
- create snapshots of the registry
- compare them to previous snapshots
useful for:
- analyzing changes in the registry between two different points in time
similar Tools:

FakeDNS

Tool: FakeDNS
URL: https://github.com/pathes/fakedns (Fake DNS server written in Python 3)
Cost: Free
Target:
Description:
- Python daemon that fakes a DNS server
useful for:
- faking a DNS server to analyze which DNS requests a running malware sample is sending
similar Tools:

API Monitor

Tool: API Monitor
URL: API Monitor: Spy on API Calls and COM Interfaces (Freeware 32-bit and 64-bit Versions!) | rohitab.com
Cost: Free
Target: Windows
Description:
- monitor and control API calls made by applications and services
useful for:
- monitoring API calls made by applications and services
similar Tools:

Capture BAT

Tool: Capture BAT
URL: Capture BAT – The Honeynet Project
Cost: Free
Target: Windows
Description:
- monitors the state of a system during the execution of applications and processing of documents
- monitors state changes at a low kernel level and can easily be used across various Win32 operating system versions and configurations
- provides a powerful mechanism to exclude event noise that naturally occurs on an idle system or when using a specific application
useful for:
- analyzing what happens on a system when applications are running
similar Tools:

SSDEEP

Tool: SSDEEP
URL: https://ssdeep-project.github.io/ssdeep/index.html
Cost: Free
Target: Windows
Description:
- ssdeep is a program for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.
useful for:
- fuzzy hashing
similar Tools:
