Tool Library
Welcome to My Cybersecurity Tool Library, a resource created to give you insight into a wide range of tools. My mission is to demystify these tools, providing clarity and understanding to aid your cybersecurity journey.

This page serves as a comprehensive guide, featuring a curated selection of tools that cover various aspects of cybersecurity. Whether you're a novice or an expert in the field, this library offers a wealth of information to help you understand and use these tools effectively.
KAPE
KAPE (Kroll Artifact Parser and Extractor), written by Eric Zimmerman, is a free and versatile triage collection and post-processing tool that streamlines forensic data gathering: targets define what to collect, and modules define what to run against the collected data. (My professional use)
Blog Link:
Glimpses of Brilliance: KAPE
KAPE: A Detailed Exploration
Velociraptor
Velociraptor is an open-source endpoint visibility and collection tool whose unique capabilities make it an essential part of any forensic investigator's or incident responder's toolkit. Whether you're conducting a quick compromise assessment, running a full-scale threat hunt across thousands of endpoints, or managing continuous monitoring of a network, Velociraptor can handle it.

Exploring Velociraptor: A Versatile Tool for Incident Response and Digital Forensics
Setting Up Velociraptor for Forensic Analysis in a Home Lab
Navigating Velociraptor: A Step-by-Step Guide
An All-in-One PowerShell Script
I've tried to develop a PowerShell script designed to analyze a system and collect information, covering everything from basic system information to intricate details. This script outputs the collected data in a clean HTML format, making it easy to review and act upon.
Streamlining Incident analysis: An All-in-One PowerShell Script
Registry Keys and File Locations Captured by the Script
Redline
Redline is a free endpoint investigation tool from FireEye (now Mandiant) for deep analysis of Windows systems for signs of malicious activity: it collects memory and host artifacts and lets you run IOC-based analysis over them.
FireEye Redline: A Powerful Endpoint Investigation Tool
Cyber Triage
Cyber Triage collects and analyzes endpoint data to help cybersecurity professionals quickly identify, prioritize, and respond to security incidents, improving overall incident management workflows.
Cyber Triage: Another Powerful Investigation tool
Hayabusa
Hayabusa is a fast, Sigma-based Windows event log analysis and threat hunting tool that stands out as an indispensable asset for deep investigations following initial triage.
Blog Link
Hayabusa: A Powerful Log Analysis Tool for Forensics and Threat Hunting
Hayabusa.exe: Essential Commands for In-depth Log Analysis
Log Parser
Microsoft's Log Parser supports parsing and querying log data from a wide range of sources, such as Windows Event logs, IIS logs, CSV files, XML files, and more, using a SQL-like query language.
Microsoft's Log Parser
OSForensics
OSForensics by PassMark lets professionals dig into operating systems to gather evidence, uncover hidden data, and perform comprehensive forensic analysis.
OS Forensics by PassMark: A Game-Changer in Digital Forensics
Chainsaw
Chainsaw is a command-line tool that provides a fast method of running Sigma rule detection logic over event log data to highlight suspicious entries.
Blog Link:
Chainsaw: Streamlining Log Analysis for Enhanced Security Insights
Chainsaw.exe commands
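As an added illustration (not Chainsaw's own code, which is written in Rust, and not taken from the blog posts above), the following Python shows the kind of detection logic Chainsaw applies: a Sigma-style rule with named selections, field modifiers (contains, startswith, endswith) and a condition, evaluated over a handful of constructed event records. The records, rule titles and the helper functions are assumptions made for this example; only the selection/condition shape and the modifier names follow the Sigma convention.

```python
import re
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample records (not real telemetry): the fields a tool such as
# Chainsaw extracts from Security.evtx events before applying rules.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"EventID": 4688, "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami /all"},
    {"EventID": 4688,
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "admin"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup"},
    {"EventID": 1102, "SubjectUserName": "admin"},
]

# Rules written in the Sigma "detection" shape: named selections and a condition.
# "field|modifier" keys follow the Sigma convention; a list of values means OR.
RULES = [
    {"title": "Encoded PowerShell command line",
     "detection": {
         "selection": {"EventID": 4688,
                       "NewProcessName|endswith": r"\powershell.exe",
                       "CommandLine|contains": ["-enc", "-encodedcommand"]},
         "condition": "selection"}},
    {"title": "RDP logon by non-service account",
     "detection": {
         "selection": {"EventID": 4624, "LogonType": 10},
         "filter": {"TargetUserName|startswith": "svc_"},
         "condition": "selection and not filter"}},
    {"title": "Security log cleared",
     "detection": {"selection": {"EventID": 1102}, "condition": "selection"}},
]


def match_value(actual: Any, expected: Any, modifier: Optional[str]) -> bool:
    """Compare one event field against one expected value (case-insensitive,
    as Sigma string matching is), honouring the modifier."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if modifier is None:
        return a == e
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    if modifier == "re":
        return re.search(str(expected), str(actual)) is not None
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(selection: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """Every field in a selection must match (AND); a list of values is OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(match_value(event.get(field), v, modifier or None) for v in values):
            return False
    return True


def _term(term: str, results: Dict[str, bool]) -> bool:
    term = term.strip()
    negate = term.startswith("not ")
    name = term[4:].strip() if negate else term
    if name not in results:
        raise KeyError(f"condition references unknown selection: {name}")
    return (not results[name]) if negate else results[name]


def eval_condition(condition: str, results: Dict[str, bool]) -> bool:
    """Evaluate 'a and not b or c' with Sigma precedence: not, then and, then or.
    (Parentheses and aggregations such as '1 of selection*' are not supported.)"""
    for clause in condition.split(" or "):
        if all(_term(t, results) for t in clause.split(" and ")):
            return True
    return False


def run_rules(rules, events) -> List[Tuple[str, int]]:
    """Return (rule title, event index) for every rule that fires on an event."""
    hits = []
    for idx, event in enumerate(events):
        for rule in rules:
            det = rule["detection"]
            results = {name: selection_matches(sel, event)
                       for name, sel in det.items() if name != "condition"}
            if eval_condition(det["condition"], results):
                hits.append((rule["title"], idx))
    return hits


if __name__ == "__main__":
    for title, idx in run_rules(RULES, SAMPLE_EVENTS):
        print(f"[{title}] event #{idx}: {SAMPLE_EVENTS[idx]}")
```

The point to notice is the "filter" selection combined with "and not": the same Event ID 4624 / logon type 10 record fires for the admin account but not for the svc_ account, which is how Sigma rules suppress known-good noise without loosening the main selection.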
DensityScout
DensityScout specializes in detecting common obfuscation techniques such as runtime packing and encryption: it scores the density (randomness) of a file's contents, so packed or encrypted executables stand out from ordinary ones.
Blog Link:
Unveiling Suspicious Files with DensityScout
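Added example, not DensityScout's own code: DensityScout computes its own density score, and this Python stand-in uses Shannon entropy per 1 KiB block instead, which is the underlying idea (packed or encrypted content looks close to random; ordinary code and text do not). The two sample inputs, the 7.0-bit threshold and the "more than half the blocks" verdict rule are assumptions constructed for the example.

```python
import hashlib
import math
from collections import Counter
from typing import List


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for one repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def block_entropies(data: bytes, block: int = 1024) -> List[float]:
    """Entropy of each fixed-size block, so a high-entropy packed section is not
    averaged away by a low-entropy header or resource area."""
    return [shannon_entropy(data[i:i + block]) for i in range(0, len(data), block)]


def assess(data: bytes, threshold: float = 7.0, block: int = 1024) -> dict:
    """Heuristic verdict (assumption for this example): if more than half of the
    blocks are at or above the threshold, treat the file as packed/encrypted."""
    blocks = block_entropies(data, block)
    high = sum(1 for e in blocks if e >= threshold)
    return {
        "entropy": round(shannon_entropy(data), 3),
        "max_block": round(max(blocks), 3) if blocks else 0.0,
        "high_blocks": high,
        "blocks": len(blocks),
        "suspicious": high > len(blocks) // 2,
    }


def _pseudo_random(n: int, seed: bytes = b"densityscout-example") -> bytes:
    """Deterministic high-entropy bytes (a SHA-256 chain) standing in for a
    packed or encrypted section, so the example runs offline and repeatably."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


# Constructed samples (not real files): ordinary text, and a fake executable
# with a 1 KiB mostly-zero header followed by 4 KiB of random-looking payload.
PLAIN_TEXT = b"The quick brown fox jumps over the lazy dog. " * 100
FAKE_PACKED_PE = b"MZ" + b"\x00" * 1022 + _pseudo_random(4096)


if __name__ == "__main__":
    for name, sample in (("plain text", PLAIN_TEXT), ("fake packed PE", FAKE_PACKED_PE)):
        print(name, assess(sample))
```

Per-block scoring matters in practice: a packed PE still has a readable DOS/PE header and often a small unpacking stub, so whole-file entropy alone can land below the threshold while four out of five blocks are clearly random.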
Thumbcache_viewer_64
The thumbnail cache in Windows speeds up folder display by storing thumbnail images in thumbcache_*.db files; because those thumbnails can outlive the files they were generated from, the cache is a useful artifact of what a user once had on disk.
Blog Link:
Understanding and Managing Thumbnail Cache in Windows
Magnet Encrypted Disk Detector
Magnet Encrypted Disk Detector (EDDv310) is a free tool designed to quickly and non-intrusively check a system for encrypted volumes, such as BitLocker, TrueCrypt and PGP disks, so that an examiner knows before powering a machine off whether a live acquisition is needed.

Blog Link:
Exploring Magnet Encrypted Disk Detector (EDDv310)
User Activity with LastActivityView
LastActivityView is a free NirSoft tool that collects and displays information about recent activity on a Windows computer, drawn from sources such as the registry, prefetch files and event logs.

Blog Link:
Unveiling User Activity with LastActivityView by NirSoft
Volatility 3
Volatility 3 is a powerful open-source framework designed to extract digital artifacts from volatile memory (RAM) and perform in-depth forensic investigations.
Unveiling Volatility 3: A Guide to Extracting Digital Artifacts
Microsoft-Extractor-Suite and Microsoft-Analyzer-Suite
Microsoft-Extractor-Suite is an actively maintained PowerShell tool designed to streamline data collection from Microsoft environments, including Microsoft 365 and Azure; Microsoft-Analyzer-Suite then analyzes the logs it collects.
Streamlining Cloud Log Analysis with Free Tools: Microsoft-Extractor-Suite and Microsoft-Analyzer-Suite
Memory Forensics Using Strings and Bstrings
Two key tools frequently used in this process are Strings and bstrings. While both extract runs of readable characters from memory dumps, they offer distinct features that make them suitable for different environments: bstrings adds UTF-16 (Unicode) extraction and regex searching, which matters on Windows where most in-memory text is UTF-16.
Memory Forensics Using Strings and Bstrings: A Comprehensive Guide
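Added example (not the source of strings or bstrings): a minimal Python extractor that does the one thing the two tools differ on, pulling printable-ASCII runs (what strings(1) reports) and UTF-16LE runs (the Windows-native encoding that bstrings handles) from a byte buffer with their offsets, plus a regex filter in the spirit of bstrings' search options. The sample buffer is constructed to stand in for a slice of a memory dump; the function names and the 4-character minimum are assumptions made for the example.

```python
import re
from typing import List, Tuple

# Constructed stand-in for a slice of a memory dump (not real data).
# Offsets: "cmd.exe ..." starts at 8, the UTF-16LE path at 34, the URL at 110.
SAMPLE_DUMP = (
    b"\x00\x00\x01\x02MZ\x90\x00"                         # junk; "MZ" is too short
    + b"cmd.exe /c whoami /all"                           # ASCII run, strings(1) sees it
    + b"\xff\xfe\x00\x00"
    + "C:\\Users\\bob\\Documents\\payroll.xlsx".encode("utf-16le")  # UTF-16LE run
    + b"\x00\x00"
    + b"ab\x00\x00"                                       # too short in either encoding
    + b"https://example.invalid/c2"                       # ASCII run
    + b"\x00"
)


def extract_strings(data: bytes, min_len: int = 4) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable-ASCII run and every
    UTF-16LE run of at least min_len characters, sorted by offset.
    Plain strings(1) would report only the "ascii" entries; the "utf-16le"
    entries are what bstrings adds on Windows dumps."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16le"))
              for m in utf16_re.finditer(data)]
    return sorted(found)


def search_strings(data: bytes, pattern: str, min_len: int = 4) -> List[Tuple[int, str, str]]:
    """Keep only the extracted strings whose text matches a regex, e.g. URLs,
    file paths or e-mail addresses, regardless of which encoding they were in."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [s for s in extract_strings(data, min_len) if rx.search(s[2])]


if __name__ == "__main__":
    for offset, enc, text in extract_strings(SAMPLE_DUMP):
        print(f"0x{offset:08x}  {enc:8s}  {text}")
    print("URLs:", search_strings(SAMPLE_DUMP, r"https?://"))
```

Run against the constructed buffer, the ASCII-only pass misses the payroll.xlsx path entirely; that is the gap that makes a Unicode-aware extractor worth using on Windows memory.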
MemProcFS/MemProcFS Analyzer
MemProcFS is a powerful memory forensics tool that allows forensic investigators to mount raw memory images as a virtual file system.
MemProcFS/MemProcFS Analyzer: Comprehensive Analysis Guide
Nmap
Nmap allows users to discover devices on a network, perform port scanning to determine which ports are open on target systems, and gather information about the services (and their versions) running on those ports.
Network Scanning with Nmap
Suricata
Suricata is an open-source Network Intrusion Detection System (NIDS), Network Security Monitoring (NSM) engine, and Intrusion Prevention System (IPS) designed for real-time traffic analysis and security monitoring.
Blog Link
Exploring Suricata: Part 1
How to Download and Start Suricata: Part 2
Suricata Configuration: Part 3
Suricata Configurations: Part 4
CentralOps
CentralOps is an online suite of tools and services (WHOIS, DNS and traceroute lookups, among others) designed as a one-stop solution for gathering critical internet-related data about domains and hosts.
Unveiling the Power of CentralOps
Kansa-Master
One powerful tool that exemplifies this proactive stance is Kansa, a PowerShell-based data collection framework for incident response and threat hunting that uses PowerShell Remoting to gather artifacts from many hosts at once.
Power of Kansa: A Comprehensive Guide to Incident Response and Threat Hunting
PECmd.exe
Prefetching, which optimizes system performance by loading data into memory before it is needed, generates valuable artifacts in the form of .pf files under C:\Windows\Prefetch; PECmd.exe parses them to show when an executable last ran, how often, and which files and directories it touched.
Prefetch Analysis: Tool-->PECmd.exe
AppCompatCacheParser.exe/AmcacheParser.exe
The Application Compatibility Cache (ShimCache) and Amcache are Windows mechanisms designed to detect and remediate program compatibility problems when a program is launched; as a side effect they record which executables were present on the system, which makes them valuable evidence. AppCompatCacheParser.exe parses the ShimCache from the SYSTEM hive, and AmcacheParser.exe parses Amcache.hve.
Shimcache/Amcache Analysis: Tool-->AppCompatCacheParser.exe/AmcacheParser.exe
Amcache.hve Analysis: Tool--> Registry Explorer
This post delves into the intricacies of the Amcache.hve hive, focusing on the InventoryApplicationFile, InventoryApplication, and InventoryDriverBinary keys.
Amcache.hve Analysis: Tool--> Registry Explorer
Power of EvtxECmd
Eric Zimmerman's EvtxECmd emerges as a game-changer, offering not just a command-line parser but a comprehensive tool for transforming, filtering, and extracting critical information from Windows event logs (.evtx) into CSV, JSON or XML.
Unleashing the Power of EvtxECmd: Windows Event Log Analysis
Jump list Analysis: Tool-->JLECmd.exe
Jump Lists represent a dynamic feature engineered to empower users by granting them swift access to frequently or recently used items.
Blog Link:
Jump List Analysis: Tool-->JLECmd.exe
SBECmd.exe or ShellBagsExplorer
Shell Bags are data structures within the Windows registry that track user window viewing preferences in Windows Explorer.
Blog Link:
Shell Bags Analysis: Tool-->SBECmd.exe or ShellBagsExplorer (GUI version)
WinPmem
WinPmem is a robust memory acquisition tool designed specifically for Windows environments.
Unveiling System Secrets with WinPmem (memory acquisition tool)
I_Parse_v1.1
The recycle bin plays a significant role in forensic investigations on Windows filesystems, offering valuable insights into deleted files and user activities.
Recycle Bin $I Tool
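Added example, not the I_Parse tool's code: a Python parser for the $I metadata file that the Recycle Bin writes beside each deleted file ($I holds the original path, size and deletion time; the matching $R file holds the content). It handles both layouts, version 1 (Vista through 8.1, a fixed 520-byte path field) and version 2 (Windows 10 and later, a length-prefixed path), converts the FILETIME to UTC, and maps a $I name to its $R partner. The builder exists only to construct the two sample files; the sample paths and timestamp are constructed, not real.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def parse_dollar_i(data: bytes) -> dict:
    """Parse a $I record: 8-byte version, 8-byte original size, 8-byte FILETIME
    of deletion, then the original path (layout depends on the version)."""
    if len(data) < 24:
        raise ValueError("$I file too short for its 24-byte header")
    version, size, ft = struct.unpack_from("<QQQ", data, 0)
    if version == 1:                       # Vista to 8.1: fixed 260 UTF-16 chars
        raw = data[24:24 + 520]
        if len(raw) != 520:
            raise ValueError("truncated version-1 path field")
        path = raw.decode("utf-16le").split("\x00", 1)[0]
    elif version == 2:                     # Windows 10+: length-prefixed path
        if len(data) < 28:
            raise ValueError("truncated version-2 length field")
        (nchars,) = struct.unpack_from("<I", data, 24)   # chars incl. terminator
        raw = data[28:28 + nchars * 2]
        if len(raw) != nchars * 2:
            raise ValueError("truncated version-2 path field")
        path = raw.decode("utf-16le").rstrip("\x00")
    else:
        raise ValueError(f"unknown $I version {version}")
    return {"version": version, "original_size": size,
            "deleted_at": filetime_to_datetime(ft), "original_path": path}


def build_dollar_i(version: int, size: int, deleted_at: datetime, path: str) -> bytes:
    """Construct a $I file; used here only to make offline test samples."""
    head = struct.pack("<QQQ", version, size, datetime_to_filetime(deleted_at))
    if version == 1:
        enc = path.encode("utf-16le")
        if len(enc) > 518:
            raise ValueError("path too long for the version-1 fixed field")
        return head + enc.ljust(520, b"\x00")
    if version == 2:
        enc = (path + "\x00").encode("utf-16le")
        return head + struct.pack("<I", len(path) + 1) + enc
    raise ValueError(f"unknown $I version {version}")


def matching_r_name(i_name: str) -> str:
    """$I and $R share the random suffix: $I2K7X9Q.docx pairs with $R2K7X9Q.docx."""
    if not i_name.startswith("$I"):
        raise ValueError("not a $I file name")
    return "$R" + i_name[2:]


# Constructed samples (assumed paths and timestamp, not from a real system).
DELETED_AT = datetime(2024, 3, 15, 9, 30, tzinfo=timezone.utc)
SAMPLE_V1 = build_dollar_i(1, 2048, DELETED_AT, r"C:\Users\bob\Desktop\old-report.pdf")
SAMPLE_V2 = build_dollar_i(2, 1234567, DELETED_AT, r"C:\Users\bob\Documents\payroll.xlsx")


if __name__ == "__main__":
    for sample in (SAMPLE_V1, SAMPLE_V2):
        print(parse_dollar_i(sample))
    print(matching_r_name("$I2K7X9Q.docx"))
```

Two things a practitioner should keep in mind: the deletion timestamp is stored in UTC and needs no time-zone fix-up from the host, and an $I file whose $R partner is missing usually means the Recycle Bin was emptied but the metadata record survived, which is still evidence of what was deleted and when.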
LECmd.exe
"During a forensic examination of a hard drive, LNK files can determine what programs and files a user was accessing on their computer."
LNK Files Tool
Plaso/Log2Timeline
"Plaso is the Python-based backend engine powering log2timeline, while log2timeline is the tool we use to extract timestamps and forensic artifacts. Together, they create what we call a super timeline—a comprehensive chronological record of system activity."
A Deep Dive into Plaso/Log2Timeline Forensics (Ubuntu)
Running Plaso/Log2Timeline on Windows
File recovery : PhotoRec
"PhotoRec is a versatile data recovery program that reads file headers and targets various media file types"
Data Recovery and Analysis
Kernel PST and OST File Viewers
"These tools not only simplify the extraction and viewing of data but also ensure compatibility across different file formats and versions."
Exploring PST and OST File Viewers for Forensic Analysis
MetaDiver: Forensic Analysis Tool
"MetaDiver is a powerful forensic tool designed to analyze and extract metadata from various file types."
MetaDiver: A Comprehensive Forensic Analysis Tool (for metadata analysis)
DB Browser for Forensic Analysis
"Freely available, it has become a favorite not only for database administrators but also for forensic analysts..."
Power of DB Browser for Forensic Analysis
WinAudit Tool Overview
"WinAudit.exe is one such tool that delivers a detailed audit of your system, offering essential data to strengthen your cybersecurity posture."
WinAudit Tool Overview
Windows Security with Log-MD
"Log-MD is a security tool tailored for Windows systems. It audits log settings and advanced audit policy configurations, guiding users to enable and configure these settings for better security and detection."
Enhancing Windows Security with Log-MD
Bitmap Cache Files
"When dealing with Remote Desktop Protocol (RDP) sessions on Windows, one of the often overlooked yet valuable artifacts is the RDP bitmap cache..."
Analyzing and Extracting Bitmap Cache Files from RDP Sessions
Aurora Incident Response
"While experienced teams can still thrive using traditional tools like Excel, Aurora Incident Response (Aurora IR) stands out as a fantastic free and open-source solution for those who need a more structured and user-friendly approach to investigations."
Aurora Incident Response: A Powerful Open-Source Tool for Investigators
RECmd
"RECmd, a powerful command-line tool created by Eric Zimmerman, designed to automate the process of registry analysis."
Automating Registry Analysis with RECmd