Windows monitoring tools

Microsoft Defender

Microsoft Defender is a security app that helps people, companies and families stay safer online with malware protection, web protection, real-time security notifications, and security tips.

Splunk

Splunk is software for searching, monitoring, and analyzing machine-generated data via a web-style interface.

FTK Imager

FTK provides an intuitive interface for email analysis for forensic professionals. This includes the ability to parse emails for certain words, analyze headers for the source IP address, etc. A central feature of FTK, file decryption is arguably the most common use of the software.

Sysmon

Sysmon, a tool used to monitor and log events on Windows, is commonly used by enterprises as part of their monitoring and logging solutions. As part of the Windows Sysinternals package, Sysmon is similar to Windows Event Logs but provides further detail and more granular control.

Wazuh

Wazuh is an open-source and extensive EDR solution, which Security Engineers can deploy in all scales of environments.

Wazuh operates on a management and agent model where a dedicated manager device is responsible for managing agents installed on the devices you'd like to monitor.

Eric Zimmerman's tools

These tools assist with registry, file system, timeline, and many other kinds of analysis.

KAPE

This tool automates the collection and parsing of forensic artifacts and can help create a timeline of events.

Autopsy

Autopsy is an open-source forensics platform that helps analyze data from digital media such as mobile devices, hard drives, and removable drives.

Volatility

Volatility is a tool for performing memory analysis on memory captures from Windows or Linux systems. It can extract valuable information from the memory of a machine under investigation.

Redline

Redline is a free endpoint security tool that provides host investigative capabilities, allowing users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.

Velociraptor

Velociraptor is an advanced endpoint monitoring, forensics, and response platform.
