# List of useful tools and guides

## Cane

- Computer Forensics Linux Live Distro
- Friendly graphical user interface
- Link: https://www.caine-live.net/index.html

## Security Onion 2

- Threat hunting
- Security monitoring
- Log management
- Git repo: https://git.csec.ba/CSEC_PUBLIC/securityonion

## SIFT Workstation

- SANS incident response and forencisc toolset
- Link: https://www.sans.org/tools/sift-workstation/

## Wireshark

- Network protocol and traffic analyser
- Link: https://www.wireshark.org/

## Photo Rec

- Data recovery tool
- Link: https://www.cgsecurity.org/wiki/PhotoRec

## Readline

- Redline®, FireEye’s premier free endpoint security tool, provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile. Use Redline to collect, analyze and filter endpoint data and perform IOC analysis and hit review. In addition, users of FireEye’s Endpoint Security (HX) can open triage collections directly in Redline for in-depth analysis, allowing the user to establish the timeline and scope of an incident. This app runs on Windows only.
- Link: https://fireeye.market/apps/211364

## Sleuth kit

- Autopsy is an easy to use, GUI-based program that allows you to efficiently analyze hard drives and smart phones. It has a plug-in architecture that allows you to find add-on modules or develop custom modules in Java or Python.
- The Sluth Kit is a collection of command line tools and a C library that allows you to analyze disk images and recover files from them. It is used behind the scenes in Autopsy and many other open source and commercial forensics tools.
- Link: http://www.sleuthkit.org/

## Any run

- Malware hunting with live access to the heart of the incident 
- Link: https://app.any.run/

## Virus Total

- Analyse suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community.
- Link: https://www.virustotal.com/gui/home/upload