Tools Flashcards
(15 cards)
A command-line utility for copying and converting data, often used for creating forensic images of drives. Disk cloning, data recovery, creating backups.
dd
A utility for capturing the contents of RAM. Analyzing system state at the time of an incident, malware analysis.
Memdump
Displays network connections, routing tables, and network interface statistics. Troubleshooting network issues, identifying open ports, detecting suspicious connections.
Netstat
A hexadecimal editor used for data recovery, low-level data processing, and computer forensics. Examining and editing binary data, recovering deleted files, malware analysis.
WinHex
A powerful network scanner used for host discovery, port scanning, and OS detection. Network mapping, vulnerability scanning, security auditing.
nmap
Software for managing and securing mobile devices. Enforcing security policies, managing applications, remote wipe.
MDM (Mobile Device Management)
A powerful network protocol analyzer for capturing and inspecting network traffic. Troubleshooting network issues, analyzing network protocols, security incident investigation.
Wireshark
A Cisco technology for collecting IP network traffic data (largely superseded by IPFIX). Network traffic analysis, intrusion detection, bandwidth monitoring.
NetFlow
A versatile tool for reading and writing data across network connections, often used for port scanning and banner grabbing. Network debugging, simple TCP/UDP communication, security testing (can be misused).
Netcat
A comprehensive vulnerability scanner used to identify security weaknesses in systems and applications. Security assessments, penetration testing.
Nessus
A digital forensics platform that simplifies investigating computers and smartphones. Analyzing disk images, recovering deleted files, timeline analysis.
Autopsy
A tool for acquiring forensic images of disks and other media, and previewing recoverable data. Data acquisition, evidence preservation.
FTK Imager
Standard for exporting IP flow information from routers, switches, and firewalls. Network traffic analysis, intrusion detection, bandwidth monitoring.
IPFIX (NetFlow v10)
A command-line utility (now largely superseded by ip in modern Linux systems) used to display and configure network interface settings, such as IP addresses, netmasks, and broadcast addresses. It’s important for troubleshooting network connectivity issues.
ifconfig
An open-source intelligence (OSINT) tool used to gather email addresses, subdomains, hostnames, employee names, open ports and banners from different public sources like search engines and PGP key servers. It’s a valuable tool for penetration testers and security professionals to identify potential attack vectors and information leaks.
theHarvester