These are commonly used tools that I like to keep on hand during investigations.
Ownership and all respective rights remain with the original authors. The tools are collected here for quick recovery only; it is recommended to retrieve the latest versions from their original source locations.
Software Tools
HashMyFiles x64 (NirSoft). A great utility that adds a right-click menu entry to quickly calculate file hashes. I frequently use this in my sandboxes to perform initial file triage. HashMyFiles Download
ExifTool (made by Phil Harvey). A small utility that can read file metadata and export it to a wide range of output formats. I prefer to use it for metadata extraction to CSV, which also works well when dealing with a large number of files. The tiny .bat script attached makes ExifTool write the metadata of all files in its directory to a CSV file that can be opened as an Excel sheet. ExifTool Download
PEStudio (Winitor). A binary triage tool for Windows executables in the PE format. It allows a quick first look to assess what I may be dealing with. PEStudio Download
Maltego (Paterva). A powerful graphing and link-analysis tool with a free community tier. It requires Java, which is bundled in the installer. Maltego Download
Templates
SANS Malware Analysis template by Anuj Soni. This is a great Word template for recording forensic evidence relating to malware. I use it as a structure for more extensive analysis. Download MA template
SANS CTI Analysis template by SANS. This template was released during one of the recent SANS CTI online summits; it provides a good structure for more descriptive (less technical) investigations. Download CTI Template
Cheat Sheets
SANS Windows Intrusion Discovery Cheat Sheet. Download
SANS Linux Intrusion Discovery Cheat Sheet. Download