From Collaborative RCE Tool Library

Jump to: navigation, search

File Monitoring Tools


Tool name: SysAnalyzer
Rating: 5.0 (1 vote)
Author: David Zimmer (iDefense Labs)                        
Website: http://labs.idefense.com/files/labs/releases/previews/SysAnalyzer/
Current version:
Last updated: January 19, 2007
Direct D/L link: http://labs.idefense.com/software/download/?downloadID=15
License type: GPL2
Description: SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report as to the actions a binary takes on a system. SysAnalyzer can automatically monitor and compare:

* Running Processes
* Open Ports
* Loaded Drivers
* Injected Libraries
* Key Registry Changes
* APIs called by a target process
* File Modifications
* HTTP, IRC, and DNS traffic

SysAnalyzer also comes with a ProcessAnalyzer tool which can perform the following tasks:

* Create a memory dump of target process
* parse memory dump for strings
* parse strings output for exe, reg, and url references
* scan memory dump for known exploit signatures

Full GPL source for SysAnalyzer is included in the installation package.
Also listed in: Disk Monitoring Tools, Registry Monitoring Tools, Network Monitoring Tools, Install Monitoring Tools, API Monitoring Tools, Memory Dumpers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: FileMon
Rating: 0.0 (0 votes)
Author: Mark Russinovich and Bryce Cogswell                        
Website: http://www.microsoft.com/technet/sysinternals/FileAndDisk/Filemon.mspx
Current version: 7.04
Last updated: November 1, 2006
Direct D/L link: N/A
License type: Free
Description: FileMon monitors and displays file system activity on a system in real-time. Its advanced capabilities make it a powerful tool for exploring the way Windows works, seeing how applications use the files and DLLs, or tracking down problems in system or application file configurations. Filemon's timestamping feature will show you precisely when every open, read, write or delete, happens, and its status column tells you the outcome. FileMon is so easy to use that you'll be an expert within minutes. It begins monitoring when you start it, and its output window can be saved to a file for off-line viewing. It has full search capability, and if you find that you're getting information overload, simply set up one or more filters.

Note:
Filemon and Regmon have been replaced by Process Monitor on versions of Windows starting with Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista. Filemon and Regmon remain for legacy operating system support, including Windows 9x.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: LSOF
Rating: 0.0 (0 votes)
Author: Victor A. Abell                        
Website: http://people.freebsd.org/~abe/
Current version:
Last updated:
Direct D/L link: N/A
License type: Free / Open Source
Description: The lsof (LiSt Open Files) diagnostic and forensics tool lists information about any files that are open by processes currently running on the system. It can also list communications sockets open by each process.
Also listed in: Network Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Process Monitor
Rating: 0.0 (0 votes)
Author: Mark Russinovich and Bryce Cogswell                        
Website: http://www.microsoft.com/technet/sysinternals/FileAndDisk/processmonitor.mspx
Current version: 2.7
Last updated: September 18, 2009
Direct D/L link: http://download.sysinternals.com/Files/ProcessMonitor.zip
License type: Free
Description: Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Also listed in: Process Monitoring Tools, Registry Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Category:File_Monitoring_Tools"



Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (176)
   Categorized by Tool Type  (973)
   Anti Anti Test Tools  (15)
   Assemblers  (15)
   Code Coverage Tools  (12)
   Code Injection Tools  (32)
   Code Ripping Tools  (2)
   Crypto Tools  (5)
   Data Extraction Tools  (19)
   Debuggers  (42)
   Decompilers  (20)
   Deobfuscation Tools  (11)
   Dependency Analyzer Tools  (5)
   Diff Tools  (29)
   Disassemblers  (45)
   Dongle Analysis Tools  (24)
   Exe Analyzers  (31)
   Firefox Extensions  (1)
   GUI Manipulation Tools  (15)
   Hardware Reversing Tools  (24)
   Hex Editors  (12)
   IDA Signature Creation Tools  (5)
   Kernel Tools  (12)
   Memory Data Tracing Tools  (6)
   Memory Patchers  (3)
   Memory Search Tools  (7)
   Monitoring Tools  (110)
   API Monitoring Tools  (17)
   Active Directory Monitoring Tools  (1)
   Bus Monitoring Tools  (5)
   Debug Output Monitoring Tools  (1)
   Disk Monitoring Tools  (2)
   Driver & IRP Monitoring Tools  (1)
   Exception Monitoring Tools  (4)
   File Monitoring Tools  (4)
   Hook Detection Tools  (12)
   Install Monitoring Tools  (3)
   Kernel Filter Monitoring Tools  (1)
   Memory Data Tracing Tools  (6)
   Named Pipe Monitoring Tools  (1)
   Network Monitoring Tools  (7)
   Parallel Comm Monitoring Tools  (2)
   Process Monitoring Tools  (5)
   Registry Monitoring Tools  (6)
   Serial Comm Monitoring Tools  (1)
   SysCall Monitoring Tools  (5)
   Thread Monitoring Tools  (2)
   Tracers  (17)
   USB Monitoring Tools  (3)
   Window Monitoring Tools  (3)
   Network Tools  (15)
   PE Executable Editors  (78)
   Packers  (16)
   Patch Packaging Tools  (7)
   Profiler Tools  (10)
   Programming Libraries  (31)
   Regular Expression Tools  (3)
   Resource Editors  (11)
   Reverse Engineering Frameworks  (7)
   Source Code Tools  (11)
   String Finders  (5)
   Symbol Tools  (11)
   System Information Extraction Tools  (7)
   Technical PoC Tools  (7)
   Test and Sandbox Environments  (16)
   Tool Extensions  (135)
   Tool Hiding Tools  (5)
   Tool Signatures  (21)
   Tracers  (17)
   Unpacking Tools  (58)
   Needs New Category  (1)