diff --git a/malware-analysis_ref_and_memo.md b/malware-analysis_ref_and_memo.md
index 9da7f2c..972cc42 100644
--- a/malware-analysis_ref_and_memo.md
+++ b/malware-analysis_ref_and_memo.md
@@ -1,4 +1,80 @@
# Tools
+
+### Static Analysis and Debug tools
+※空欄は調査中(更新予定)
+
+|name|disassembler|decompiler|debugger|reference|
+|:-|:-|:-|:-|:-|
+|IDA pro|〇|〇(Not free)|〇||||||
+|Binary Ninja|〇||||||||
+|Cutter|〇|r2dec,r2ghidra|native
gdb
windbg
etc.|[INTRO TO CUTTER FOR MALWARE ANALYSIS](https://malwology.com/2019/03/14/intro-to-cutter-for-malware-analysis/)
[megabeets.net](https://www.megabeets.net/?s=cutter)
[Cutter: Presenting r2ghidra Decompiler,r2con 2019](https://www.youtube.com/watch?v=eHtMiezr7l8&list=LLTk6-mAiILdt3V27uab14LA&index=8&t=0s)
+|||||
+|Ghidra|〇|〇|||||||
+|x64/x32dbg|〇|Snowman|〇||||||
+|WinDbg|〇||〇||||||
+|GDB|〇||〇||||||
+|objdump|〇|||
+|Snowman||〇|||||||
+
+|name|plugin|price|platform|remarks|
+|:-|:-|:-|:-|:-|
+|IDA pro|[Lighthouse](https://github.com/gaasedelen/lighthouse)|Not free|multi||||||
+|Binary Ninja|[Lighthouse](https://github.com/gaasedelen/lighthouse)|Not free|||||||
+|Cutter|[CutterDRcov](https://github.com/oddcoder/CutterDRcov)
[Jupyter Plugin for Cutter](https://github.com/radareorg/cutter-jupyter)
[x64dbgcutter](https://github.com/yossizap/x64dbgcutter)
[etc.](https://github.com/radareorg/cutter-plugins)|free|multi||||||
+|Ghidra|[pwndra](https://github.com/0xb0bb/pwndra)|free|multi||||||
+|x64/x32dbg|[DbgChild](https://github.com/David-Reguera-Garcia-Dreg/DbgChild)|free|windows||||||
+|WinDbg||free|windows|Kernel mode debugging possible|||||
+|GDB|gdbpeda
pwngdb|free|linux||||||
+|objdump||free|linux||
+|Snowman|||||||||
+
+### Tracer
+- [drltrace](https://github.com/DynamoRIO/drmemory/tree/master/drltrace)
+ - [DynamoRIO](https://github.com/DynamoRIO/dynamorio) based
+ - ライブラリトレーサ(Windows版ltrace)
+- [drstrace](http://drmemory.org/strace_for_windows.html)
+ - DynamoRIO based
+ - システムコールトレーサ(Windows版strace)
+- [memtrace](https://github.com/DynamoRIO/dynamorio/blob/master/api/samples/memtrace_simple.c)
+ - DynamoRIO based
+ - メモリトレーサ
+- [bbbuf](https://github.com/DynamoRIO/dynamorio/blob/master/api/samples/bbbuf.c)
+ - DynamoRIO based
+ - べーシックブロックトレーサ
+- [API Monitor](http://www.rohitab.com/apimonitor)
+ - GUI(Windows)
+ - APIコールを監視ツール
+
+### Instrumentation
+- [drcov](http://dynamorio.org/docs/page_drcov.html)
+ - DynamoRIO based
+ - カバレッジ計測
+ - drrun経由で実行
+```
+> drrun.exe -t drcov -- [program name] [arguments]
+```
+- Intel PIN
+
+### Traffic Analysis tools
+- Wireshark
+ - ref:
+ - [Wireshark Tutorial,Unit42(2019)](https://unit42.paloaltonetworks.com/tag/tutorial/)
+- tcpdump
+- scapy
+- [Fiddle](https://www.telerik.com/fiddler)
+ - Web Proxy debugger
+- [EKFiddle](https://github.com/malwareinfosec/EKFiddle)
+ - ref:
+ - [Malicious Traffic Analysis with EKFiddle(2019-03)](https://drive.google.com/file/d/1VhZyCiHgtDwcCh7cpVWMCTi9B_Nj66AC/view)
+- Burp Suite
+- Fake-net NG
+- INetSim
+- Noriben
+### Forensic
+- EQL
+- Sysinternals
+- Volatility
+ - malconfscan
### Online Sandbox
|name|site|remarks|
|:-|:-|:-|