improve tools.yaml
This commit is contained in:
		
							parent
							
								
									d8eb2b556b
								
							
						
					
					
						commit
						a3613327e2
					
				
							
								
								
									
										2035
									
								
								src/data/tools.yaml
									
									
									
									
									
								
							
							
						
						
									
										2035
									
								
								src/data/tools.yaml
									
									
									
									
									
								
							
										
											
											
										
									
								
							
							
								
								
									
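--- /dev/null
+++ b/src/data/tools.yaml.example
@@ -0,0 +1,220 @@
+tools:
+  - name: Rapid Incident Response Triage on macOS
+    icon: 📋
+    type: method
+    description: >-
+      Spezialisierte Methodik für die schnelle Incident Response auf
+      macOS-Systemen mit Fokus auf die Sammlung kritischer forensischer
+      Artefakte in unter einer Stunde. Adressiert die Lücke zwischen
+      Windows-zentrierten IR-Prozessen und macOS-spezifischen
+      Sicherheitsarchitekturen. Nutzt Tools wie Aftermath für effiziente
+      Datensammlung ohne zeitaufwändige Full-Disk-Images. Besonders wertvoll für
+      Unternehmensumgebungen mit gemischten Betriebssystem-Landschaften.
+    domains:
+      - incident-response
+      - static-investigations
+      - malware-analysis
+    phases:
+      - data-collection
+      - examination
+    platforms: []
+    related_concepts: null
+    related_software:
+      - Aftermath
+    domain-agnostic-software: null
+    skillLevel: intermediate
+    accessType: null
+    url: >-
+      https://www.sans.org/white-papers/rapid-incident-response-on-macos-actionable-insights-under-hour/
+    projectUrl: null
+    license: null
+    knowledgebase: null
+    tags:
+      - macos
+      - rapid-response
+      - triage
+      - incident-response
+      - aftermath
+      - enterprise
+      - methodology
+      - apple
+  - name: Aftermath
+    icon: 📦
+    type: software
+    description: >-
+      Jamf's Open-Source-Tool für die schnelle Sammlung forensischer Artefakte
+      auf macOS-Systemen. Sammelt kritische Daten wie Prozessinformationen,
+      Netzwerkverbindungen, Dateisystem-Metadaten und Systemkonfigurationen ohne
+      Full-Disk-Imaging. Speziell entwickelt für die Rapid-Response-Triage in
+      Enterprise-Umgebungen mit macOS-Geräten. Normalisiert Zeitstempel und
+      erstellt durchsuchbare Ausgabeformate für effiziente Analyse.
+    domains:
+      - incident-response
+      - static-investigations
+      - malware-analysis
+    phases:
+      - data-collection
+      - examination
+    platforms:
+      - macOS
+    related_concepts:
+      - Hash Functions & Digital Signatures
+    related_software: null
+    domain-agnostic-software: null
+    skillLevel: intermediate
+    accessType: download
+    url: https://github.com/jamf/aftermath/
+    projectUrl: ''
+    license: Apache 2.0
+    knowledgebase: false
+    tags:
+      - macos
+      - incident-response
+      - triage
+      - artifact-collection
+      - rapid-response
+      - jamf
+      - enterprise
+      - commandline
+  - name: Regular Expressions (Regex)
+    icon: 🔤
+    type: concept
+    description: >-
+      Pattern matching language for searching, extracting, and manipulating
+      text.  Essential for log analysis, malware signature creation, and data
+      extraction from  unstructured sources. Forms the backbone of many forensic
+      tools and custom scripts.
+    domains:
+      - incident-response
+      - malware-analysis
+      - network-forensics
+      - fraud-investigation
+    phases:
+      - examination
+      - analysis
+    platforms: []
+    related_concepts: null
+    related_software: null
+    domain-agnostic-software: null
+    skillLevel: intermediate
+    accessType: null
+    url: https://regexr.com/
+    projectUrl: null
+    license: null
+    knowledgebase: true
+    tags:
+      - pattern-matching
+      - text-processing
+      - log-analysis
+      - string-manipulation
+      - search-algorithms
+  - name: SQL Query Fundamentals
+    icon: 🗃️
+    type: concept
+    description: >-
+      Structured Query Language for database interrogation and analysis.
+      Critical for  examining application databases, SQLite artifacts from
+      mobile devices, and  browser history databases. Enables complex
+      correlation and filtering of large datasets.
+    domains:
+      - incident-response
+      - mobile-forensics
+      - fraud-investigation
+      - cloud-forensics
+    phases:
+      - examination
+      - analysis
+    platforms: []
+    related_concepts: null
+    related_software: null
+    domain-agnostic-software: null
+    skillLevel: intermediate
+    accessType: null
+    url: https://www.w3schools.com/sql/
+    projectUrl: null
+    license: null
+    knowledgebase: false
+    tags:
+      - database-analysis
+      - query-language
+      - data-correlation
+      - mobile-artifacts
+      - browser-forensics
+  - name: Hash Functions & Digital Signatures
+    icon: 🔐
+    type: concept
+    description: >-
+      Cryptographic principles for data integrity verification and
+      authentication.  Fundamental for evidence preservation, malware
+      identification, and establishing  chain of custody. Understanding of MD5,
+      SHA, and digital signature validation.
+    domains:
+      - incident-response
+      - static-investigations
+      - malware-analysis
+      - cloud-forensics
+    phases:
+      - data-collection
+      - examination
+    platforms: []
+    related_concepts: null
+    related_software: null
+    domain-agnostic-software: null
+    skillLevel: advanced
+    accessType: null
+    url: https://en.wikipedia.org/wiki/Cryptographic_hash_function
+    projectUrl: null
+    license: null
+    knowledgebase: false
+    tags:
+      - cryptography
+      - data-integrity
+      - evidence-preservation
+      - malware-identification
+      - chain-of-custody
+domains:
+  - id: incident-response
+    name: Incident Response & Breach-Untersuchung
+  - id: static-investigations
+    name: Datenträgerforensik & Ermittlungen
+  - id: malware-analysis
+    name: Malware-Analyse & Reverse Engineering
+  - id: fraud-investigation
+    name: Betrugs- & Finanzkriminalität
+  - id: network-forensics
+    name: Netzwerk-Forensik & Traffic-Analyse
+  - id: mobile-forensics
+    name: Mobile Geräte & App-Forensik
+  - id: cloud-forensics
+    name: Cloud & Virtuelle Umgebungen
+  - id: ics-forensics
+    name: Industrielle Kontrollsysteme (ICS/SCADA)
+phases:
+  - id: data-collection
+    name: Datensammlung
+    description: Imaging, Acquisition, Remote Collection Tools
+  - id: examination
+    name: Auswertung
+    description: Parsing, Extraction, Initial Analysis Tools
+  - id: analysis
+    name: Analyse
+    description: Deep Analysis, Correlation, Visualization Tools
+  - id: reporting
+    name: Bericht & Präsentation
+    description: >-
+      Documentation, Visualization, Presentation Tools (z.B. QGIS für Geodaten,
+      Timeline-Tools)
+domain-agnostic-software:
+  - id: collaboration-general
+    name: Übergreifend & Kollaboration
+    description: Cross-cutting tools and collaboration platforms
+  - id: specific-os
+    name: Betriebssysteme
+    description: Operating Systems which focus on forensics
+scenarios:
+  - id: registry
+    icon: 🗃️
+    friendly_name: "Registry-Analyse"
+  - id: memory-forensics
+    icon: 🧠
+    friendly_name: "Memory-Forensik"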
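Review bot: `related_software: - Aftermath` on the first entry and `related_concepts: - Hash Functions & Digital Signatures` on the Aftermath entry cross-reference other tools by their display `name`, whereas `domains` and `phases` are referenced by `id`; a rename of either tool silently breaks the link unless the loader validates it, so either join on a stable key or state in a comment above `tools:` that `name` is the join key and must stay unique. The "absent" value is also spelled three ways in the same template — `projectUrl: ''` on Aftermath versus `projectUrl: null` elsewhere, and `knowledgebase: null` on the first entry versus `false` on the rest — and key casing mixes `skillLevel`/`accessType`/`projectUrl` with `related_software`/`domain-agnostic-software`/`friendly_name`; since this is the `.example` file that new entries will be copied from, it should fix one convention. The hash-concept description names MD5 alongside SHA without qualification, which matters for a concept tagged `evidence-preservation` and `chain-of-custody`; I would reword the last sentence to `Understanding of MD5 (legacy, not collision-resistant), SHA-2, and digital signature validation.` so readers do not take MD5 alone as sufficient for integrity evidence.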