Forensic Tools

In order to perform a forensic analysis you need access to several forensic tools. It is best to become familiar with them before the incident to ensure that you don't make any irrecoverable mistakes.

Network Capture/Analysis

 * Wireshark
 * NetworkMiner
 * Argus/RA
 * TCPDump
 * WinDump
 * Tcpdstat

Hard Drive Capture/Analysis

 * Netcat
 * Netstat
 * Nbtstat
 * Sysinternals
 * winhash
 * SHA-1


 * uname -a
 * cat /proc/version
 * hostname
 * ifconfig
 * date
 * netstat -aunt
 * netstat -tulnp
 * w
 * netstat -rn
 * route
 * ps aux
 * service --status-all
 * ps -Al
 * crontab
 * lsof
 * lsmod
 * gcore
 * dd

Tips
Find a variety of tools that you like. Make sure to learn them well enough that you understand when to use them and why.