While I was looking over my tools list, I noticed that I had not included a couple of tools that I use on a daily basis for reverse engineering malware.
The first one is Frank Boldewin’s OfficeMalScanner. OfficeMalScanner is an MS Office forensic tool that scans documents for malicious traces, such as shellcode heuristics, embedded PE files, or embedded OLE streams. It supports disassembly and hex view, as well as an easy brute-force mode to detect encrypted files.
And speaking of the PDF Tools, a friend of mine put together an Ubuntu PPA repository to easily add the PDF Tools to your Ubuntu workstation. To add the PDF Tools using his PPA, do the following:
sudo apt-add-repository ppa:pi-rho/security
sudo apt-get update
sudo apt-get install pdf-tools
In addition to the PDF Tools, he has included nmap-5.35DC1, kismet-newcore, tshark 1.4.3, and wireshark 1.4.3 in the same repository.