Friday, March 10, 2017

network forensics

  • The Bro Network Security Monitor
Bro is a powerful network analysis framework that is much different from the typical IDS you may know.
https://www.bro.org


  • GRR Rapid Response: remote live forensics for incident response
An incident response framework developed by security researchers at Google, GRR analyzes specific workstations for malware footprints. Once the server side and the agent have been deployed, the machines running the agent become GRR clients and can begin to receive messages from the front-end servers, which makes it easy to investigate individual systems. The incident response team can then perform various forensic tasks on a client machine, such as analyzing memory, searching various settings and managing configuration options.
https://github.com/google/grr


  • Suricata

Suricata is a free and open source, mature, fast and robust network threat detection engine.
https://suricata-ids.org

  • NetScanTools® Pro
http://www.netscantools.com/nstpromain.html
