Please find below a list of links to tools that are absolutely indispensable in any security officer's 'toolbox'.

| OS | Price | Name | Description | Link |
|---|---|---|---|---|
| Win | Freeware | SysInternals Process Explorer | SysInternals Process Explorer can be thought of as a very much enhanced Windows Task Manager. You can view not only all processes running on the local machine, but also what they are, which DLLs they have loaded, where they can be found on the file system, and which handles they have opened (files, registry, mutexes, ...). | http://www.sysinternals.com/ |
| Win | Freeware | SysInternals TCPView | SysInternals TCPView lets you see a list of all open sockets and listening ports on your machine, and most importantly (!) which applications have opened them. Indispensable when you want to check on a machine's TCP/IP communications. | http://www.sysinternals.com/ |
| Win | Freeware | SysInternals PSTools Suite | The PSTools suite is a set of command-line tools that allow you to list processes, suspend or kill processes, view logged-on users, view open files, and shut down the machine. All this can be done both on the local machine and on any remote Windows NT/2000/XP machine. (Obviously you do need an account and a direct connection (no firewall) on those remote machines.) | http://www.sysinternals.com/ |
| Win | 69.00 EUR | Norton Ghost 2003 | Lets you create a forensic image of a disk partition or drive. This enables you to collect full evidence and yet proceed swiftly to the restoration phase. Ghost is still DOS-based, but now comes on a bootable CD and with support for NTFS and Linux EXT2/3 file systems. | http://www.symantec.com/ |
| *nix | Freeware | dsniff | A suite of network monitoring tools with a 'little more' (MITM attack tools, switch MAC address buffer overflow tool, ...). Hacker's tools, which can also prove of great value to the security professional. | http://monkey.org/~dugsong/dsniff/ |
| Win | Freeware | SuperScan | Port scanner created by Foundstone: an ideal tool to find vulnerable machines in your network. | http://www.foundstone.com/ |
| Win | Freeware | Forensic Toolkit 2.0 | A forensic toolkit with a number of useful utilities for Windows NT: list files by last access time, scan for hidden files and file streams, display a file's security attributes. | http://www.foundstone.com/ |
| Multi | $145/server $45/workst | Veracity | A command-line-based system integrity and change detection tool. The little brother of Tripwire™: less expensive, but also with far fewer features (no registry change detection for Win platforms, no real-time file change detection). It has an extremely small disk footprint, is extremely fast, and is discreet to install so as not to draw attention to the fact that the system is monitored against a baseline configuration. | http://www.veracity.com/ |