This chapter presents a wide array of available tools for the performance of the first four INFOSEC Evaluation Methodology (IEM) baseline activities. There are a lot of options for each IEM activity for both the UNIX and Windows platforms. After reading this chapter, the evaluator should understand the IEM's requirements for the operation of tools and the evaluation goals for each activity. Many of these tools work together very well to provide a flexible and efficient solution. Limited testing can be performed very quickly, allowing the evaluator to perform secondary testing in critical areas based on his or her understanding of the system and common security weaknesses. Although this chapter focuses primarily on the introduction of tools to achieve the goals of each activity, no utility can make up for the knowledge and experience of the evaluator. A successful IEM engagement hinges on the evaluator's ability to recognize potential weaknesses in context with the criticality of the system being evaluated. The chapter also introduces the concept of system mapping.