rr aspires to be your primary C/C++ debugging tool for Linux, replacing — well, enhancing — gdb. You record a failure once, then debug the recording, deterministically, as many times as you want. The same execution is replayed every time.

rr also provides efficient reverse execution under gdb. Set breakpoints and data watchpoints and quickly reverse-execute to where they were hit.

Have you ever been on a pentest, or troubleshooting a customer issue, and the "next step" was to capture packets on a Windows host?  Then you find that installing winpcap or wireshark was simply out of scope or otherwise not allowed on that SQL, Exchange, Oracle or other host?  It used to be that this is when we'd recommend installing Microsoft's Netmon packet capture utility, but even then lots of IT managers would hesitate about using the "install" word in association with a critical server.  Well, as they say in networking (and security as well), there's always another way, and this is that way.

"netsh trace" is your friend.  And yes, it does exactly what it sounds like it does.

Une liste de liens avec une petite description vers plein d'outils et de ressources utiles en matière de forensics notamment mais pas seulement.