Rootkit detection: http://www.f-secure.com/blacklight/
Startup entry detection: http://www.hijackfree.com/en/
Online virus scanning:
BitDefender: http://www.bitdefender.com/scan8/ie.html
CA Virus Scanner : http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
F-Secure Virus Scanner: http://support.f-secure.com/enu/home/ols.shtml
Kaspersky Virus Scanner: http://www.kaspersky.com/virusscanner
McAfee Scanner : http://us.mcafee.com/root/mfs/default.asp
Panda Scanner: http://www.pandasoftware.com.tw/freescan/activescan.htm
Symantec Scanner: http://security.symantec.com/ssc/vc_scan.asp
Trend Micro : http://housecall.trendmicro.com/
Ewido anti-spyware (targets spyware): http://www.ewido.net/en/onlinescan/
Submitting a single suspicious program
Virustotal (recommended first choice): http://www.virustotal.com/
Jotti's Malware Scan: http://virusscan.jotti.org/
Other tools
Attributemagic (searches file creation, modification and access times): http://www.attributemagic.com/index.html
Event Log Explorer (helps search and browse system events): http://www.eventlogxp.com/
FileMon and RegMon (real-time monitoring of file and registry key access): http://www.microsoft.com/technet/sysinternals/utilitiesindex.mspx
Regscanner (advanced registry key search tool for the host): http://www.nirsoft.net/utils/regscanner.html
RegShot (snapshot tool for comparing registry differences): http://www.snapfiles.com/get/regshot.html
Winhex (static file analysis tool): http://www.x-ways.net/winhex/
MD5Checker (checks file hash values, MD5/SHA1): http://www.georgejopling.co.uk/
FinalData (recovers deleted files; not free): http://www.finaldata.com
ServiceWin (tool for inspecting system drivers and services): http://www.nirsoft.net/utils/serviwin.zip
IE HistoryView (views a specific user's IE connection history): http://www.nirsoft.net/utils/iehv.zip
EventCombMT: http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=7af2e69c-91f3-4e63-8629-b999adde0b9e
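Virustotal (upload suspicious files for scanning by multiple antivirus engines): http://www.virustotal.com
Sysinternal Tools (provides a variety of practical inspection tools): http://www.microsoft.com/technet/sysinternals/
Foundstone (provides a variety of free forensic tools): http://www.foundstone.com/resources/freetools.htm
NirSoft (provides numerous free network and system tools): http://www.nirsoft.net/
Archive.org (view historical site data): http://www.archive.org
Digital forensics software suites
Helix CD (for live forensics; provides nearly 40 forensics-related tools): http://www.e-fense.com/helix/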
EnCase : http://www.guidancesoftware.com/