- https://www.talosintelligence.com/
- http://www.brightcloud.com/tools/url-ip-lookup.php
- http://mxtoolbox.com/
- http://www.malwareurl.com/listing-urls.php
- http://www.malwaredomainlist.com/mdl.php
- https://malwr.com/
- https://www.deepviz.com/
- https://www.virustotal.com/#/home/upload
- https://www.hybrid-analysis.com/
- https://www.joesandbox.com/
- https://urlscan.io/
- http://urlquery.net/
- https://app.any.run/
- http://sysforensics.org/2014/01/know-your-windows-processes/
- http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots
- https://digital-forensics.sans.org/media/poster-windows-forensics-2016.pdf
- http://blog.talosintelligence.com/
- https://digital-forensics.sans.org/blog
- https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf
- https://binaryforay.blogspot.com/2017/09/shellbags-explorer-0950-released.html
- https://otx.alienvault.com/
- ShimCache Parser - https://github.com/mandiant/ShimCacheParser
- Sysinternals Suite - https://docs.microsoft.com/en-us/sysinternals/
- PEStudio - https://www.winitor.com/
- Volatility - http://www.volatilityfoundation.org/
- Rekall - http://www.rekall-forensic.com/
- Python - https://www.python.org/
- RegRipper - https://github.com/keydet89/RegRipper2.8
- YARA - https://virustotal.github.io/yara/
- CrypTool - https://www.cryptool.org/en/
- OfficeMalScanner - http://www.reconstructer.org/code.html
- OLEDump - https://blog.didierstevens.com/programs/oledump-py/
- Registry Explorer, amcache parser, jumplist parser - https://ericzimmerman.github.io/
- PDF Stream Dumper - https://zeltser.com/pdf-stream-dumper-malicious-file-analysis/
- Autopsy - https://www.sleuthkit.org/autopsy/
- Winjob Parser - https://github.com/yahoo/winjob
- CyberChef - https://gchq.github.io/CyberChef/
- Eric Zimmerman's Tool Set - https://ericzimmerman.github.io/#!index.md
- NTCore Explorer Suite - https://ntcore.com/?page_id=388
- HxD Editor - https://mh-nexus.de/en/hxd/