Comments on Computer Forensics, Malware Analysis & Digital Investigations: What 'tier 2' & 'tier 3' tools do you load on your forensic workstation(s)?
Lance Mueller

Thomas Millar, 2013-10-22T16:27:03.026-07:00

I like to view my preferred tool sets for this work based on the criteria if they are open, and well used in the community. I don't wish anyone to come away possibly thinking I am discounting commercial applications in any way. (I frankly think many of them are terrific.) But I feel the more chances a tool has source code that can be reviewed, studied, examined, and (if the writer is gracious enough to take on feedback, feature requests, or helpful criticism) evaluated, the better it can be. The Log2timeline project is a perfect example. I noticed something about the way it handled reporting of packet data in the output module and I asked for a feature request from Kristinn. In some way, IMHO I think that sort of thing helps advance the community and practice.

For the purposes of this blog subject, if woken up and asked to do analysis on a lean budget, I would tend towards using The Sleuth Kit (TSK) usually on a Linux platform, log2timeline, and tshark. Two other essentials to me are vi or nano, and xxd for dealing with text files and hex data/binary files, respectively.

H. Carvey, 2013-10-22T04:36:45.060-07:00

Very interesting post, Lance...thanks for sharing.
I don't have access to the tier 1 tools, so your tier 2 is my tier 1...

Thanks for sharing...