Windows monitoring tools
Microsoft Defender is a security app that helps people, companies and families stay safer online with malware protection, web protection, real-time security notifications, and security tips.
Splunk is software for searching, monitoring, and analyzing machine-generated data via a web-style interface.
FTK provides an intuitive interface for email analysis for forensic professionals. This includes the ability to parse emails for certain words, analyze headers for the source IP address, etc. File decryption, a central feature of FTK, is arguably the most common use of the software.
Sysmon, a tool used to monitor and log events on Windows, is commonly used by enterprises as part of their monitoring and logging solutions. As part of the Windows Sysinternals package, Sysmon is similar to Windows Event Logs but with further detail and granular control.
Wazuh is an extensive open-source EDR solution that security engineers can deploy in environments of any scale.
Wazuh operates on a management and agent model where a dedicated manager device is responsible for managing agents installed on the devices you'd like to monitor.
These tools help with registry, file system, timeline, and many other analyses.
This tool automates the collection and parsing of forensic artifacts and can help create a timeline of events.
An open-source forensics platform that helps analyze data from digital media such as mobile devices, hard drives, and removable drives.
A tool that helps perform memory analysis on memory captures from Windows or Linux systems. It can extract valuable information from the memory of a machine under investigation.
A free endpoint security tool that provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.
Advanced endpoint-monitoring, forensics and response platform.