improve tools.yaml

src/data/tools.yaml.example

@@ -0,0 +1,220 @@
+tools:
+  - name: Rapid Incident Response Triage on macOS
+    icon: 📋
+    type: method
+    description: >-
+      Spezialisierte Methodik für die schnelle Incident Response auf
+      macOS-Systemen mit Fokus auf die Sammlung kritischer forensischer
+      Artefakte in unter einer Stunde. Adressiert die Lücke zwischen
+      Windows-zentrierten IR-Prozessen und macOS-spezifischen
+      Sicherheitsarchitekturen. Nutzt Tools wie Aftermath für effiziente
+      Datensammlung ohne zeitaufwändige Full-Disk-Images. Besonders wertvoll für
+      Unternehmensumgebungen mit gemischten Betriebssystem-Landschaften.
+    domains:
+      - incident-response
+      - static-investigations
+      - malware-analysis
+    phases:
+      - data-collection
+      - examination
+    platforms: []
+    related_concepts: null
+    related_software:
+      - Aftermath
+    domain-agnostic-software: null
+    skillLevel: intermediate
+    accessType: null
+    url: >-
+      https://www.sans.org/white-papers/rapid-incident-response-on-macos-actionable-insights-under-hour/
+    projectUrl: null
+    license: null
+    knowledgebase: null
+    tags:
+      - macos
+      - rapid-response
+      - triage
+      - incident-response
+      - aftermath
+      - enterprise
+      - methodology
+      - apple
+  - name: Aftermath
+    icon: 📦
+    type: software
+    description: >-
+      Jamf's Open-Source-Tool für die schnelle Sammlung forensischer Artefakte
+      auf macOS-Systemen. Sammelt kritische Daten wie Prozessinformationen,
+      Netzwerkverbindungen, Dateisystem-Metadaten und Systemkonfigurationen ohne
+      Full-Disk-Imaging. Speziell entwickelt für die Rapid-Response-Triage in
+      Enterprise-Umgebungen mit macOS-Geräten. Normalisiert Zeitstempel und
+      erstellt durchsuchbare Ausgabeformate für effiziente Analyse.
+    domains:
+      - incident-response
+      - static-investigations
+      - malware-analysis
+    phases:
+      - data-collection
+      - examination
+    platforms:
+      - macOS
+    related_concepts:
+      - Hash Functions & Digital Signatures
+    related_software: null
+    domain-agnostic-software: null
+    skillLevel: intermediate
+    accessType: download
+    url: https://github.com/jamf/aftermath/
+    projectUrl: ''
+    license: Apache 2.0
+    knowledgebase: false
+    tags:
+      - macos
+      - incident-response
+      - triage
+      - artifact-collection
+      - rapid-response
+      - jamf
+      - enterprise
+      - commandline
+  - name: Regular Expressions (Regex)
+    icon: 🔤
+    type: concept
+    description: >-
+      Pattern matching language for searching, extracting, and manipulating
+      text.  Essential for log analysis, malware signature creation, and data
+      extraction from  unstructured sources. Forms the backbone of many forensic
+      tools and custom scripts.
+    domains:
+      - incident-response
+      - malware-analysis
+      - network-forensics
+      - fraud-investigation
+    phases:
+      - examination
+      - analysis
+    platforms: []
+    related_concepts: null
+    related_software: null
+    domain-agnostic-software: null
+    skillLevel: intermediate
+    accessType: null
+    url: https://regexr.com/
+    projectUrl: null
+    license: null
+    knowledgebase: true
+    tags:
+      - pattern-matching
+      - text-processing
+      - log-analysis
+      - string-manipulation
+      - search-algorithms
+  - name: SQL Query Fundamentals
+    icon: 🗃️
+    type: concept
+    description: >-
+      Structured Query Language for database interrogation and analysis.
+      Critical for  examining application databases, SQLite artifacts from
+      mobile devices, and  browser history databases. Enables complex
+      correlation and filtering of large datasets.
+    domains:
+      - incident-response
+      - mobile-forensics
+      - fraud-investigation
+      - cloud-forensics
+    phases:
+      - examination
+      - analysis
+    platforms: []
+    related_concepts: null
+    related_software: null
+    domain-agnostic-software: null
+    skillLevel: intermediate
+    accessType: null
+    url: https://www.w3schools.com/sql/
+    projectUrl: null
+    license: null
+    knowledgebase: false
+    tags:
+      - database-analysis
+      - query-language
+      - data-correlation
+      - mobile-artifacts
+      - browser-forensics
+  - name: Hash Functions & Digital Signatures
+    icon: 🔐
+    type: concept
+    description: >-
+      Cryptographic principles for data integrity verification and
+      authentication.  Fundamental for evidence preservation, malware
+      identification, and establishing  chain of custody. Understanding of MD5,
+      SHA, and digital signature validation.
+    domains:
+      - incident-response
+      - static-investigations
+      - malware-analysis
+      - cloud-forensics
+    phases:
+      - data-collection
+      - examination
+    platforms: []
+    related_concepts: null
+    related_software: null
+    domain-agnostic-software: null
+    skillLevel: advanced
+    accessType: null
+    url: https://en.wikipedia.org/wiki/Cryptographic_hash_function
+    projectUrl: null
+    license: null
+    knowledgebase: false
+    tags:
+      - cryptography
+      - data-integrity
+      - evidence-preservation
+      - malware-identification
+      - chain-of-custody
+domains:
+  - id: incident-response
+    name: Incident Response & Breach-Untersuchung
+  - id: static-investigations
+    name: Datenträgerforensik & Ermittlungen
+  - id: malware-analysis
+    name: Malware-Analyse & Reverse Engineering
+  - id: fraud-investigation
+    name: Betrugs- & Finanzkriminalität
+  - id: network-forensics
+    name: Netzwerk-Forensik & Traffic-Analyse
+  - id: mobile-forensics
+    name: Mobile Geräte & App-Forensik
+  - id: cloud-forensics
+    name: Cloud & Virtuelle Umgebungen
+  - id: ics-forensics
+    name: Industrielle Kontrollsysteme (ICS/SCADA)
+phases:
+  - id: data-collection
+    name: Datensammlung
+    description: Imaging, Acquisition, Remote Collection Tools
+  - id: examination
+    name: Auswertung
+    description: Parsing, Extraction, Initial Analysis Tools
+  - id: analysis
+    name: Analyse
+    description: Deep Analysis, Correlation, Visualization Tools
+  - id: reporting
+    name: Bericht & Präsentation
+    description: >-
+      Documentation, Visualization, Presentation Tools (z.B. QGIS für Geodaten,
+      Timeline-Tools)
+domain-agnostic-software:
+  - id: collaboration-general
+    name: Übergreifend & Kollaboration
+    description: Cross-cutting tools and collaboration platforms
+  - id: specific-os
+    name: Betriebssysteme
+    description: Operating Systems which focus on forensics
+scenarios:
+  - id: registry
+    icon: 🗃️
+    friendly_name: "Registry-Analyse"
+  - id: memory-forensics
+    icon: 🧠
+    friendly_name: "Memory-Forensik"