
Open Source tools I use at work

May 22, 2014

No catchy title here today. I recently did a webcast for SANS called the “7 Deadly Sins of Security Operations”, and during the talk I mentioned that sometimes, even when we have the choice or the ability to use a more expensive commercial tool, my team will still choose something open source. The breadth of tools that members of the security community have created over the years, and continue to innovate on and improve, is truly astounding, but my list will only cover what we use on a regular basis. So for what you don’t find on my list, please look for others that can help you, and if you don’t find what you need, roll your own… and then tell me so I can use it!

Open Source Tools

SIFT Workstation
Remnux
Volatility Framework
RegRipper
TriageIR
Plaso
get_rep
PDF Tools
Nmap

And not to be forgotten, there are some great tools out there that are not open source but are free to use:

Commercial

FTK Imager
Mandiant Redline
SysInternals
DumpIt

If we choose to script something ourselves, we tend to go with the language that best fits the job. I recently used Perl to parse a particularly horrible log format into something more readable, but we also frequently use Python or PowerShell depending on the task.
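As an added illustration of the kind of one-off script mentioned above (this is not the author's Perl script, and it is written in Python rather than Perl), here is a small normaliser for a constructed, deliberately ugly log format: a bracketed timestamp followed by key=value pairs separated by an inconsistent mix of `|`, `;` and whitespace, with some values quoted. The sample lines and the field names (`host`, `src`, `dst`, `action`, `msg`, `proto`) are invented for this example; the output is CSV with a fixed column order plus a quick count of DENY events per source, the sort of first triage view an analyst wants from a log nobody else will parse.

```python
"""Normalise an awkward, mixed-delimiter log format into structured records.

Constructed example for illustration only: the sample lines below are
invented and do not come from any real product, and the field names are
assumptions chosen for the demonstration.
"""
import csv
import io
import re
from datetime import datetime

# Constructed sample: a bracketed timestamp, then key=value pairs separated by
# an inconsistent mix of '|', ';' and whitespace, with some quoted values.
# The last line is junk and must be skipped rather than crash the parser.
SAMPLE_LOG = """\
[22/May/2014:10:15:32 -0500]|host=fw01|src=10.0.0.5 dst=192.168.1.10|action="DENY"|msg="port scan detected";proto=tcp
[22/May/2014:10:16:01 -0500]|host=fw01;src=10.0.0.7 dst=192.168.1.10 action=ALLOW proto=udp msg="dns query"
[22/May/2014:10:16:45 -0500]|host=fw02|src=172.16.4.9|dst=192.168.1.25|action="DENY"|msg="brute force: ssh"|proto=tcp
this line is garbage and should be skipped
"""

# Leading "[timestamp]" and the remainder of the line.
TS_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s*(?P<rest>.*)$")
# A key, '=', then either a double-quoted value (no embedded quotes) or a bare
# run of characters that are not one of the delimiters (space, '|', ';').
KV_RE = re.compile(r'(?P<key>\w+)=(?:"(?P<quoted>[^"]*)"|(?P<bare>[^\s|;]+))')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one log line, or None if the line does not fit."""
    m = TS_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FMT)
    except ValueError:
        return None
    record = {"ts": ts.isoformat()}  # normalise to ISO 8601 with offset
    for kv in KV_RE.finditer(m.group("rest")):
        quoted, bare = kv.group("quoted"), kv.group("bare")
        record[kv.group("key")] = quoted if quoted is not None else bare
    return record


def parse_log(text):
    """Parse every line, dropping lines that do not match the format."""
    records = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            records.append(rec)
    return records


def to_csv(records, fields=("ts", "host", "src", "dst", "proto", "action", "msg")):
    """Render records as CSV with a fixed column order; missing keys become ''."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(fields), extrasaction="ignore")
    writer.writeheader()
    for rec in records:
        writer.writerow({f: rec.get(f, "") for f in fields})
    return buf.getvalue()


def denied_by_source(records):
    """Count DENY events per source address: a quick triage view."""
    counts = {}
    for rec in records:
        if rec.get("action") == "DENY":
            src = rec.get("src")
            counts[src] = counts.get(src, 0) + 1
    return counts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(to_csv(recs))
    print(denied_by_source(recs))
```

The two regular expressions are the whole parser; when the real format changes, they are the only lines that need touching, which is the main reason to keep such a script this small rather than reaching for a heavier framework.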

Again, this list is by NO means exhaustive. There are MANY tools out there I haven’t mentioned, as the purpose of this post was just to list what we have found useful in our practice. If you have any tools that are must-haves in your day to day, I would appreciate you reaching out and sharing them with me.