Organising, testing and keeping your tools updated. This is especially important if you collect any digital evidence which might be used in a civil or criminal process.
Currently I am taking the SANS Self Study course SANS 504 Hackers, Exploits and Techniques. The topic of tools came up on Day 1 with a focus on the following:
- Organise your tools before an incident occurs
- Test your tools
- Keep your tools updated
- Ensure tool integrity with Hash Codes
It got me thinking about organising my own toolset much more formally. I didn’t readily find templates online, so I created my own and began working on my toolset. It might sound a little boring or digital based OCD, but I think it will be highly useful nonetheless. Besides, I am tired of switching from one system to the next, forgetting to copy something and losing access to some tool, or trying to open a tool when I really need it only to find it doesn’t work.
I went through my tools and organised them into one location which is backed up, and performed the following steps:
- Checked the versions in my toolset against the most current version and updated as applicable
- Recorded via hyperlink the website locations and/or download location
- Verified the hash codes from the vendor if applicable or made my own if trusted
- Verified the tool worked
- Recorded the date added into the toolset (after verifying the tool worked)
- Recorded the tool release date
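The hash step above can be re-run whenever the toolset is copied to another system. The following is an added example, not part of the original post or its template: it audits a tools directory against a CSV inventory, and the column names, file names and sample contents are assumptions constructed for the demonstration.

```python
import csv
import hashlib
import tempfile
from pathlib import Path

# Assumed inventory columns, mirroring the fields recorded in the steps above.
FIELDS = ["tool", "version", "source_url", "sha256", "date_added", "release_date"]

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers or ISOs do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit_toolset(tool_dir, inventory_csv):
    """Compare every file under tool_dir with the hashes recorded in the inventory."""
    tool_dir = Path(tool_dir)
    with open(inventory_csv, newline="") as f:
        recorded = {r["tool"]: r["sha256"].strip().lower() for r in csv.DictReader(f)}
    on_disk = {p.relative_to(tool_dir).as_posix(): p for p in tool_dir.rglob("*") if p.is_file()}
    report = {"ok": [], "modified": [], "missing": [], "unrecorded": []}
    for name, expected in recorded.items():
        if name not in on_disk:
            status = "missing"            # listed in the inventory but not copied across
        else:
            status = "ok" if sha256_file(on_disk[name]) == expected else "modified"
        report[status].append(name)
    report["unrecorded"] = [n for n in on_disk if n not in recorded]
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Build a constructed toolset and inventory in a temp dir, then audit it."""
    with tempfile.TemporaryDirectory() as d:
        tools, inv = Path(d) / "tools", Path(d) / "inventory.csv"
        tools.mkdir()
        with open(inv, "w", newline="") as f:
            w = csv.DictWriter(f, fieldnames=FIELDS)
            w.writeheader()
            for name in ("scanner.bin", "imager.bin"):
                (tools / name).write_bytes(name.encode())   # constructed tool contents
                w.writerow({"tool": name, "sha256": sha256_file(tools / name)})
            w.writerow({"tool": "carver.bin", "sha256": "0" * 64})  # never copied
        (tools / "imager.bin").write_bytes(b"changed after the hash was recorded")
        (tools / "notes.txt").write_bytes(b"never added to the inventory")
        return audit_toolset(tools, inv)

if __name__ == "__main__":
    print(demo())
```

Keep the inventory file outside the tools directory, ideally on separate or read-only media, so that a change to the tools cannot also rewrite the recorded hashes.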
Example Security Software Tools List
I have uploaded a two-page tools list which lists some of the tools I personally use:
I also uploaded a completely blank Security Software Tools List template which you can download and customise for you or your organisation:
Please feel free to post any comments, questions or ideas!