SIEM

Free Resources

• NIST Computer Security Incident Handling Guide (800-61r2)
  • https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
• Interfacing with Law Enforcement
  • https://www.sans.org/score/law-enforcement-faq
• Incident Handling Forms
  • https://www.sans.org/score/incident-forms
• Jai Minton’s DFIR Cheat Sheet
  • https://www.jaiminton.com/cheatsheet/DFIR/#persistence-and-automatic-loadrun-reg-keys
• CISA Incident Response Series
  • https://www.youtube.com/playlist?list=PL-BF3N9rHBLJaSbTRPyWYj56f0m2uDQD7
• s0cm0nkeys Security Reference Guide
  • https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/

Non-Free Resources

• SANS Hacker Tools, Techniques, Exploits, and Incident Handling (SEC504)
  • https://www.sans.org/course/hacker-techniques-exploits-incident-handling

Live Forensics Tools

• Google Rapid Response (GRR)
  • https://github.com/google/grr
• Meerkat
  • https://github.com/TonyPhipps/Meerkat

Offline Forensics Tools

• log2timeline & Plaso
  • https://github.com/log2timeline/plaso
  • https://digital-forensics.sans.org/media/Plaso-Cheat-Sheet.pdf
  • https://plaso.readthedocs.io/en/latest/sources/user/Using-log2timeline.html
• Timesketch
  • http://timesketch.org/
  • https://github.com/google/timesketch
• Autopsy
• apfs-fuse

This site is open source. Improve this page.