Tuesday, 16 December 2014

Security & Forensics USB Swiss Knife (update)

In the past I compiled a very similar post detailing the creation of a USB Swiss knife for security and forensic purposes... so since it's been more than a year, time for an update!

Still using YUMI (if it ain't broke, don't fix it!), which makes the process very easy to complete. Quite a few of the ISOs below are not in YUMI's built-in list, so you will want to add them as Unlisted ISOs (GRUB).

I will break the contents down into three main categories {bootables,incident-response,toolbox}

[ bootables ]

Dual Booting Win8.1PE x86 & x64
Gandalf's_Win8.1SE_x64_& _x86_dual_boot v1.1

AVG Rescue - A powerful toolset for rescue & repair of infected machines

Darik's Boot and Nuke - A hard drive disk wipe and data clearing utility

Legacy collection of useful utilities
Hiren's.BootCD.15.2

Kali linux - Penetration testing distro

One Kon-Boot pendrive to bypass Windows and Mac OSX authorization process.

Tails - The Amnesic Incognito Live System

DEFT (Digital Evidence & Forensic Toolkit) is a customised distribution of the Ubuntu live Linux CD.

Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac).

CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.

Kaspersky Rescue Disk 10 is designed to scan, disinfect and restore infected operating systems. It should be used when it is impossible to boot the operating system.
kav_rescue_10.iso

[ incident-response ]

CrowdInspect is a free community tool for Microsoft Windows systems that aims to alert you to the presence of potential malware on your computer that may be communicating over the network. It is a host-based process inspection tool that uses multiple sources of information to detect untrusted or malicious network-active processes.
http://www.crowdstrike.com/community-tools/


Crowd Response is a lightweight Windows console application designed to aid in the gathering of system information for incident response and security engagements. The application contains numerous modules, each of them invoked by providing specific command line parameters to the main application.
http://www.crowdstrike.com/community-tools/


SysInternals - The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools.
http://technet.microsoft.com/en-gb/sysinternals/bb842062.aspx

Process Hacker - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
http://processhacker.sourceforge.net/

[ toolbox ]


windows-binaries.zip
It's always handy to have those bins with you without having to boot up Kali... so go to your Kali box and:
cd /usr/share/
zip -r /root/windows-binaries.zip windows-binaries/
(the -r is needed: without it zip stores only the empty directory entry, not the binaries inside it)
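Since that archive and everything else on the stick gets carried from machine to machine, it is worth recording a SHA-256 manifest of the tool directory before zipping it and re-checking it later, so a swapped or corrupted binary on the USB is noticed rather than run. The helper below is an added example, not part of the original post; it assumes GNU coreutils sha256sum, and the directory and manifest paths are whatever you pass in (e.g. /usr/share/windows-binaries).

```shell
#!/bin/sh
# Added example, not from the original post. Builds a SHA-256 manifest of a
# tool directory (e.g. /usr/share/windows-binaries on Kali) and re-checks the
# directory against it later. Assumes GNU coreutils sha256sum is available.

# make_manifest DIR MANIFEST: write "hash  ./relative/path" lines, sorted by
# path so two runs over identical trees give byte-identical manifests.
make_manifest() {
    dir=$1; out=$2
    ( cd "$dir" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          sha256sum "$f"
      done ) > "$out"
}

# check_manifest DIR MANIFEST: rebuild the manifest and compare it with the
# stored one. Returns 0 when nothing changed; otherwise prints the differing
# lines (changed hash, added or removed file) and returns 1.
check_manifest() {
    dir=$1; stored=$2
    fresh=$(mktemp)
    make_manifest "$dir" "$fresh"
    if cmp -s "$stored" "$fresh"; then
        rm -f "$fresh"; return 0
    fi
    diff "$stored" "$fresh"
    rm -f "$fresh"; return 1
}

# demo: a constructed sample directory standing in for windows-binaries/.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/tools/sub"
    printf 'constructed sample binary A' > "$work/tools/a.exe"
    printf 'constructed sample binary B' > "$work/tools/sub/b.exe"
    make_manifest "$work/tools" "$work/manifest.sha256"
    check_manifest "$work/tools" "$work/manifest.sha256" && echo "clean: manifest matches"
    printf 'tampered' > "$work/tools/a.exe"      # simulate a modified binary
    check_manifest "$work/tools" "$work/manifest.sha256" || echo "ALERT: contents changed"
    rm -rf "$work"
}
demo
```

Keep the manifest next to the zip on the stick (or, better, somewhere off the stick) and run check_manifest against the unpacked directory before using the tools on an engagement.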

ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003, Microsoft Office 2007), Windows (Including Windows 7 and Windows Vista), Exchange Server, and SQL Server installed on your computer. 


ESET SysInspector is an easy to use diagnostic tool that helps troubleshoot a wide range of system issues.
http://www.eset.com/int/support/sysinspector/

The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world.
https://www.torproject.org/projects/torbrowser.html.en

File Scavenger is a data recovery utility that supports multiple file-system types: NTFS, FAT 32/16/12, Ext3, Ext4, XFS, HFS+, HFSX, UFS1 and UFS2. The personal license is $54, which for the range of filesystems it supports is not bad at all.

http://www.quetek.com/prod02.htm

VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
https://veracrypt.codeplex.com/releases/view/132239

I think that's enough! I'd package it and have it here to download but just the logistics of getting permissions to "distribute" is giving me a headache.

Enjoy :) 
