On the box with the suspicious application/code:
- Procmon
- Regshot (snapshot the registry before and after running the sample and compare)
- tcpview
- wireshark
Code Analysis
- OllyDbg
- OllyDump
- IDA Pro
- BinText/Strings
- Hex Fiend (OSX)
- Hex Edit (Windows)
- vi with xxd (Linux): from normal mode, ":%!xxd" converts the buffer to a hex dump and ":%!xxd -r" converts it back before saving
- Insert Stego finder app
Distributions
- REMnux
- SANS Investigative Forensic Toolkit (SIFT)
- Cuckoo Sandbox - software that installs on Windows XP
External Services
- Virus Total
- Anubis
- GFI Sandbox (formerly CWSandbox)
- Norman Sandbox
Resource Sites
- OpenRCE Articles
- LordPE has been discontinued, but it was good; the last update seems to have been in 2009
- Explorer Suite
Memory Forensics
- Volatility - Python scripts for memory forensics
- Volatility Commands - Volatility command reference
- SANS Memory Forensics Cheat Sheet