C842 Cyber Defense and Countermeasures EC-Council Certified Incident Handler CIH Tools and Commands Test With Solution.
PILAR - ANSWER Risk analysis and Management tool
Pilar - ANSWER Assess risk against critical assets. Qualitative and quantitative. Generate risk assessment reports
Group Policy Management console - ANSWER Security policy Tools
ManageEngine ... Plus - ANSWER Ticketing system Tools
AlienVault - ANSWER Ticketing system Tools
Buck-Security - ANSWER Incident analysis and validation Tools
Buck-Security - ANSWER Collection of security checks for Linux. Identify security status.
Kiwi Syslog - ANSWER Incident analysis and validation Tools
Splunk Light - ANSWER Incident analysis and validation Tools
Kiwi Syslog - ANSWER message management tool across servers and network devices. Syslog messages, SNMP traps, event log, real time
Splunk Light - ANSWER Collecting, monitoring, and analyzing logs from servers, applications, and other sources.
Microsoft Baseline Security Analyzer (MBSA) - ANSWER Tools for detecting missing security patches
Microsoft Baseline Security Analyzer (MBSA) - ANSWER Determine security state. Scan for missing patches and misconfigs.
MagicTree - ANSWER Report writing tools
KeepNote - ANSWER Report writing tools
FTK... - ANSWER Data Imaging Tools
FTK Imager - ANSWER data preview and imaging tool that enables analysis of files and folders on local hard drives, CDs/DVDs, network drives, and examination of the content of forensic images or memory dumps
R-Drive... - ANSWER Data Imaging Tools
R-Drive... - ANSWER provides creation of disk image files for backup or duplication purposes. restores the images on the original disks, on any other partitions, or even on a hard drive's free space. one can restore the system after heavy data loss caused by an operating system crash, virus attack, or hardware failure
· EnCase Forensic
· Data Acquisition Toolbox
· RAID Recovery for Windows
· R-Tools R-Studio
F-Response Imager - ANSWER Data Imaging Tools
HashCalc - ANSWER Image Integrity Tools
HashCalc - ANSWER compute multiple hashes, checksums, and HMACs for files, text, and hex strings.
MD5 Calculator - ANSWER Image Integrity Tools
logged on users and users logged on via resources for either the local computer, or a remote one. If you specify a user name instead of a computer, it searches the computers in the network neighborhood and tells you if the user is currently logged on.
net session (Windows) - ANSWER helps to manage server connections. It is used without parameters and it displays information about all logged in sessions of the local computer
Logonsessions (Windows) - ANSWER lists the currently active logged-on sessions and, if you specify the -p option, it can provide you the information of processes running in each session.
Who (Linux) - ANSWER users that are currently logged on locally.
Who -all/-a (Linux) - ANSWER displays all currently logged on users, local and remote
Last (Linux) - ANSWER displays a history of logged on users, local and remote.
Lastlog (Linux) - ANSWER displays the last login times for system accounts.
W (Linux) - ANSWER displays summaries of system usage, currently logged on users, and logged on user activities.
Passwd (Linux) - ANSWER contains user account information, including one-way encrypted passwords
Nbtstat - ANSWER troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses
nbtstat -c - ANSWER contents of the NetBIOS name cache, which contains NetBIOS name-to-IP address mappings.
nbtstat -n - ANSWER displays the names that have been registered locally on the system by NetBIOS applications such as the server and redirector
nbtstat -r - ANSWER displays the count of all NetBIOS names resolved by broadcast and by querying a WINS server
nbtstat -S - ANSWER list the current NetBIOS sessions and their statuses.
Netstat - ANSWER collecting information about network connections operative in a Windows system.
Netstat -a - ANSWER Displays all active TCP connections as well as the TCP and UDP ports on which the computer is listening
Netstat -e - ANSWER Displays Ethernet statistics, such as the number of bytes and packets sent and received.
Process Explorer - ANSWER shows the information about the handles and DLLs of the processes, which have been opened or loaded.
Forensic Explorer - ANSWER Forensic Analysis Tools
Forensic Explorer - ANSWER recovers and analyzes hidden and system files, deleted files, file and disk slack and unallocated clusters
Forensic Toolkit (FTK) - ANSWER Forensic Analysis Tools
Forensic Toolkit (FTK) - ANSWER delivers cutting-edge analysis, decryption, and password cracking. It has an intuitive, customizable, and user-friendly interface. It also enables the use of a back-end database to handle large data sets
Event Log Explorer - ANSWER Forensic Analysis Tools
Event Log Explorer - ANSWER software solution for viewing, monitoring, and analyzing events recorded in security, system, application, and other logs of Microsoft Windows operating systems. It helps to quickly browse, find, and report on problems, security warnings, and all other events that are generated within Windows
OSForensics - ANSWER Forensic Analysis Tools
OSForensics - ANSWER helps discover relevant forensic data faster with high performance file searches and indexing as well as restores deleted files. It identifies suspicious files and activity with hash matching, drive signature comparisons and looks into e-mails, memory and binary data. It also manages digital investigation, organizes information and creates reports about collected forensic data
Helix3 - ANSWER Forensic Analysis Tools
Helix3 - ANSWER giving you visibility across your entire infrastructure, revealing malicious activities such as internet abuse, data sharing, and harassment. It also allows you to isolate and respond to incidents or threats quickly and without user detection through a central administration tool. It allows you to quickly detect, identify, analyze, preserve, and report, giving you the evidence to reveal the truth and protect your business.
Autopsy - ANSWER Forensic Analysis Tools
Autopsy - ANSWER digital forensics platform and graphical interface to The
Process Monitor - ANSWER Live System Analysis: Process Monitoring Tools
Process Monitor - ANSWER shows real-time file system, registry, and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and so on
jv16 Power Tools 2017 - ANSWER Live System Analysis: Registry Monitoring Tools
jv16 Power Tools 2017 - ANSWER PC system utility software that works by cleaning out unneeded files and data, cleaning the Windows registry, automatically fixing system errors, and applying optimization to your system
Windows Service Manager (SrvMan) - ANSWER Live System Analysis: Windows Services Monitoring Tools
Windows Service Manager (SrvMan) - ANSWER Create services
Delete services
Start/stop/restart services
Install and start a legacy driver with a single call
Startup Program Monitoring Tool: Autoruns for Windows - ANSWER Live System Analysis: Startup Programs Monitoring Tools
Startup Program Monitoring Tool: Autoruns for Windows - ANSWER covers the autostart locations of any startup monitor, displays what programs are configured to run during system bootup or login, and shows the entries in the order Windows processes them
Loggly - ANSWER Live System Analysis: Event Logs Monitoring Tools
Loggly - ANSWER automatically recognizes common log formats and gives a structured summary of all your parsed logs. It provides real-time log monitoring, system behavior, and unusual activity. It brings logs from the depths of an organization's infrastructure to track activity and analyze trends
Mirekusoft Install Monitor - ANSWER Live System Analysis: Installation Monitoring Tools
Mirekusoft Install Monitor - ANSWER automatically monitors what gets placed on your system and allows you to uninstall it completely. It works by monitoring what resources, such as files and registry entries, are created when a
DNSQuerySniffer - ANSWER shows the DNS queries sent on your system. For every DNS query, the following information is displayed: Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and so on), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records
API Monitor - ANSWER Live System Analysis: API Calls Monitoring Tools
API Monitor - ANSWER allows you to monitor and display Win32 API calls made by applications. It can trace any exported APIs and display a wide range of information, including function name, call sequence, input and output parameters, function return value, and more
schtasks - ANSWER Live System Analysis: Scheduled Task Monitoring Tools
schtasks - ANSWER display a list of all the scheduled tasks on the system
Wireshark - ANSWER Live System Analysis: Browser Activity Monitoring Tools
Wireshark - ANSWER network protocol analyzer. It captures and intelligently browses the traffic passing through a network
HashMyFiles - ANSWER Malware Detection Techniques: File Fingerprinting Tools
HashMyFiles - ANSWER produces a hash value of a file using MD5, SHA1, CRC32, SHA-256, SHA-512, and SHA-384 algorithms
VirusTotal - ANSWER Memory Dump Analysis: Local and Online Malware Scanning Tools
VirusTotal - ANSWER free service that analyzes suspicious files and URLs and facilitates the detection of viruses, worms, Trojans, and so on
BinText - ANSWER Memory Dump Analysis: Performing Strings Search Tools
BinText - ANSWER text extractor that can extract text from any kind of file and includes the ability to find plain ASCII text, Unicode text, and Resource strings, providing useful information for each item.
PEiD - ANSWER Memory Dump Analysis: Identifying Packing/Obfuscation Tools
binary programs, for which source code is not always available, to create maps of their execution
Volatility Framework - ANSWER Memory Dump Analysis Using Volatility Framework
Volatility Framework - ANSWER collecting various malware artifacts from a system that does not have a power supply. Helps incident responders to conduct a deeper analysis to assess the impact, location, and propagation methods of the malware.
SSDT View - ANSWER Intrusion Analysis: Detecting Malware by Its Covert Storage/Hiding Techniques
SSDT View - ANSWER list the most significant aspects of the System Service Descriptor Table (SSDT) including service indexes, service addresses, service names, and the module name which corresponds to the service address
RogueKiller - ANSWER Intrusion Analysis: Detecting Malware by Its Covert Storage/Hiding Techniques
RogueKiller - ANSWER antimalware that is able to detect and remove generic malware and advanced threats like rootkits, rogues, and worms. It also detects controversial programs (PUPs) as well as possible bad system modifications/corruptions (PUMs)
CapLoader - ANSWER Intrusion Analysis: Detecting Malware by Its Covert Communication Techniques
CapLoader - ANSWER designed to handle large amounts of captured network traffic. performs indexing of PCAP/PcapNG files and visualizes their contents as a list of TCP and UDP flows
PRTG Network Monitor - ANSWER Intrusion Analysis: Detecting Malware by Its Covert Communication Techniques
PRTG Network Monitor - ANSWER network monitoring tool effectively used to monitor entire network infrastructure
ClamWin - ANSWER Antivirus Tools
ClamWin - ANSWER free, open-source antivirus program for Windows systems. It comes with a super-fast installer and an easy-to-use interface, which makes it convenient to detect and clean infections from a computer system. It provides high detection rates for viruses and spyware and a scanning scheduler.
Email Dossier - ANSWER Tools for Checking the Email Validity
Email Dossier - ANSWER is a part of the CentralOps.net suite of online network utilities. It is a scanning tool that the incident handler can use to check the validity of an email address. It provides information about the email address, including the mail exchange records. This tool initiates SMTP sessions to check address acceptance, but it never actually sends email.
eMailTrackerPro - ANSWER Email Tracking Tools
eMailTrackerPro - ANSWER analyzes email headers and reveals information such as the sender's geographical location, IP address, and so on. It allows an attacker to review the traces later by saving past traces.
PoliteMail - ANSWER Email Tracking Tools
G-Lock Analytics - ANSWER Email Tracking Tools
EventLog Analyzer - ANSWER Tools for Email Log Analysis
EventLog Analyzer - ANSWER provides log management with agent and agentless methods of log collection, custom log parsing, and complete log analysis with reports and alerts
Recover My Email - ANSWER Email Recovery Tools
Recover My Email - ANSWER mail recovery software that can recover deleted email messages from either Microsoft Outlook PST files or Microsoft Outlook Express DBX files
Gophish - ANSWER Antiphishing Tools
Gophish - ANSWER open-source phishing toolkit meant to help incident responders and businesses conduct real-world phishing simulations
SPAMfighter - ANSWER Antispamming Tools
SPAMfighter - ANSWER automatically removing the spam and phishing emails from your inbox.
Gpg4win - ANSWER Email Security Tools
Gpg4win - ANSWER enables users to securely transport emails and files with