Useful Forensic Tools and Resources

Another handy list of links, this time for forensic analysis. All of the
tools in this list are free. Only one live Linux distribution is listed
here, but many are available, and all of them share the same hazard: a
live CD can write to the file systems it touches (for example by
auto-mounting partitions or replaying a journal on mount), which alters
the evidence. Read the link about live CD issues before you consider
taking an image without a hardware write blocker.

Collecting Electronic Evidence After a System Compromise:
http://www1.auscert.org.au/2247

HB171-2003 Guidelines for the management of IT evidence (not free):
http://infostore.saiglobal.com/store/Details.aspx?ProductID=568739

The home of The Sleuth Kit and Autopsy. TSK is the successor to
The Coroner's Toolkit, and Autopsy is a graphical front end to TSK:
http://www.sleuthkit.org/

The Volatility Foundation, a source of memory forensic tools:
http://www.volatilityfoundation.org/

SANS Investigative Forensic Toolkit (SIFT):
https://digital-forensics.sans.org/community/downloads

Android (mobile) forensics:
https://github.com/viaforensics/android-forensics

DEFT Zero is a mini Linux distribution designed for data acquisition:
http://www.deftlinux.net/2015/04/24/deft-zero-rc1-ready-for-download/

ELK Forensics - forensic configuration files for Elasticsearch, Logstash and Kibana:
https://github.com/cvandeplas/ELK-forensics

GRR Rapid Response is an incident response framework focused on remote live forensics:
https://github.com/google/grr

nightHawk Response is a custom-built application for asynchronous forensic data presentation on an Elasticsearch backend:
https://github.com/biggiesmallsAG/nightHawkResponse

Laika BOSS, a scalable file-centric malware analysis and intrusion detection system:
http://lockheedmartin.com/us/what-we-do/information-technology/cybersecurity/laika-boss.html

PsTools is a suite of command line process utilities for Windows:
https://technet.microsoft.com/en-us/sysinternals/bb896649

Sysinternals Suite is the collection of Windows troubleshooting utilities:
https://technet.microsoft.com/en-us/sysinternals/bb842062

Tcpdump is the standard command-line tool for network packet capture:
http://www.tcpdump.org/

Argus is a network flow auditing and data mining tool:
http://www.qosient.com/argus/

OpenLV is a graphical tool for booting raw disk images as VMware virtual machines:
http://openlv.org/

dd, the Unix data copying and conversion tool:
https://en.wikipedia.org/wiki/Dd_%28Unix%29

The Forensics Wiki:
http://forensicswiki.org/wiki/Main_Page

Issues with using live CDs for forensic analysis:
http://forensicswiki.org/wiki/Forensic_Live_CD_issues
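The points made above about acquisition (take the image with dd, never write to the original, and be able to prove the image matches what was read) are illustrated by the following script. It is an added example and not part of the original AusCERT page or any of the listed tools. The "drive" it images is a constructed 32 KiB file so that it runs without root, without real media and without a write blocker; the file names, block size and the .sha256 sidecar format are assumptions chosen for the example. On real media the source would be the block device behind a hardware write blocker.

```shell
#!/bin/sh
# Added example (not from the AusCERT page): raw acquisition with dd plus
# before/after SHA-256 hashing so the image can later be shown to match the
# source. The source here is a constructed file standing in for /dev/sdX.
set -eu

sha256_of() {
    # Portable SHA-256 of one file: coreutils sha256sum, else shasum.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

make_constructed_evidence() {
    # Constructed "drive": exactly 8 blocks of 4 KiB of random bytes with a
    # recognisable header, so the size is block-aligned like real media.
    out=$1
    dd if=/dev/urandom of="$out" bs=4096 count=8 2>/dev/null
    printf 'AUSCERT-DEMO-FS' | dd of="$out" conv=notrunc 2>/dev/null
}

acquire_image() {
    # acquire_image SOURCE IMAGE: hash the source, copy it with dd, hash the
    # image, record both hashes in IMAGE.sha256, succeed only if they match.
    src=$1; img=$2
    pre=$(sha256_of "$src")
    # conv=noerror,sync keeps going past read errors on failing media and pads
    # the unreadable block with zeros, so offsets in the image still line up
    # with offsets on the device. bs=4096 matches the constructed block size.
    dd if="$src" of="$img" bs=4096 conv=noerror,sync 2>/dev/null
    chmod a-w "$img"          # the acquired image is never written again
    post=$(sha256_of "$img")
    printf '%s  %s\n%s  %s\n' "$pre" "$src" "$post" "$img" > "$img.sha256"
    if [ "$pre" = "$post" ]; then return 0; else return 1; fi
}

verify_image() {
    # verify_image IMAGE: recompute the image hash and compare it with the
    # value recorded at acquisition time (second line of the sidecar file).
    img=$1
    recorded=$(awk 'NR==2 {print $1}' "$img.sha256")
    now=$(sha256_of "$img")
    if [ "$recorded" = "$now" ]; then return 0; else return 1; fi
}

# Stand-alone demonstration on the constructed evidence file.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_constructed_evidence "$work/sdx"
if acquire_image "$work/sdx" "$work/sdx.dd"; then
    echo "acquired: hashes match"; cat "$work/sdx.dd.sha256"
else
    echo "acquisition hash MISMATCH"; exit 1
fi
verify_image "$work/sdx.dd" && echo "image verifies against recorded hash"
# Tamper with a copy (one byte via dd conv=notrunc) and show verification fail.
cp "$work/sdx.dd" "$work/tampered.dd"; chmod u+w "$work/tampered.dd"
cp "$work/sdx.dd.sha256" "$work/tampered.dd.sha256"
printf 'X' | dd of="$work/tampered.dd" conv=notrunc 2>/dev/null
verify_image "$work/tampered.dd" || echo "tampered copy fails verification"
```

The hash taken before dd runs is the one that matters in court: it is the only record of what the device looked like when it was read, and every later hash of the image is compared against it. Note that conv=sync pads a short final read up to the block size, so on a source whose size is not a multiple of bs the image hash will legitimately differ from the source hash; real block devices are block-aligned, and the constructed file here is too.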