Career Technology Cyber Security INDIA

 Rekall – Memory Forensic Framework Rekall is a memory forensic framework that provides an end-to-end solution to incident responders and forensic analysts. From state of the art acquisition tools, to the most advanced open source memory analysis framework. What is Rekall? Image result for Rekall – Memory Forensic Framework What is Rekall? Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has now evolved into a complete platform. How do you run Rekall? 1. Installation .Simply type (for example on Linux): $ virtualenv /tmp/MyEnv New python executable in /tmp/MyEnv/bin/python Installing setuptools, pip...done. $ ... .To have all the dependencies installed. You still need to have python and pip installed first. ... .$ pip install rekall-gui. It strives to be a complete end-to-end memory forensic framework, encapsulating acquisition, analysis, and reporting. In particular Rekall is the only memory analysis plat...

 FastIR Collector – Windows Incident Response Tool FastIR Collector is a “Fast Forensic” acquisition tool. Traditional forensics has reached its limit with the constant evolution of information technology. With the exponentially growing size of hard drives, their copy can take several hours, and the volume of the data may be too large for a fast and efficient analysis. “Fast Forensic” allows to respond to those issues. It aims a extracting a limited, but with high informational value, amount of data. These targeted data are the most consistent and important ones for an incident response analyst and allows the analyst to quickly collect artifacts and thus, to be able to quickly take decisions about cases. FastIR Collector is Windows incident response tool that offers the possibility to extract classic artefacts such as memory dump, auto-started software, MFT, MBR, Scheduled tasks, Services and records the results in csv files. The tool can also perform smart acquisitions thanks to t...

 GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data. Remote forensics at scale GRR was built to run at scale so that analysts are capable of effectively collecting and processing data from large numbers of machines. GRR was built with following scenar...

 Web Application Log Forensics After a Hack Sites get hacked, it’s not pleasant but it happens. A critical part of it, especially in my experience, has been the web application log forensics applied directly after an attack. You can usually piece together what happened, especially if the attacker doesn’t rotate IP addresses during the attack. With a little poking around and after creating a timeline, you can usually figure out what the entry point was and where the flaw in your site/software is. It’s a critical skill to learn and a great reason to have all your logs turned on, all the time as verbose as your server and storage can handle it. This article from Acunetix walks you through some of the things to look for, and the flow to use when examining a server post-attack. Nowadays, web applications are popular targets for security attackers. Using specific security mechanisms, we can prevent or detect a security attack on a web application, but we cannot find out the criminal who ...

 Memhunter – Automated Memory Resident Malware Detection Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving the threat hunter analysis process and remediation times. It’s a self contained binary that can be deployed and managed at scale, does not use memory dumps and relies purely on memory inspection to do its work. It also does not require any complex infrastructure to deploy. The tool was designed as a replacement of memory forensic volatility plugins such as malfind and hollowfind. The idea of not requiring memory dumps helps on performing the memory resident malware threat hunting at scale, without manual analysis, and without the complex infrastructure needed to move dumps to forensic environments. Memhunter in a nutshell: It is an standalone binary that gets itself deployed as a windows service It uses a set of memory inspection heuristics and ETW data collection to find footprints left by common in...

 Dumpzilla In essence, Dumpzilla is a Python 3 script designed for extracting data from popular web browsers: Firefox, Seamonkey, and Iceweasel. It’s compatible with both Windows and Unix-based operating systems, thus making it one of the most flexible free open source forensic tools that’s geared towards a specific purpose. What is Dumpzilla forensic tool? Dumpzilla: a forensic tool to extract information from browsers based on Firefox. Dumpzilla is a Python 3 script developed to extract artifacts from Firefox, Iceweasel and Seamonkey browsers, useful durgin a forensic analysis. It works in command line under Unix and Windows 32/64 bits systems. What is Dumpzilla in Kali? Dumpzilla application is developed in Python 3. x and has as purpose extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers to be analyzed. Due to its Python 3. x development, might not work properly in old Python versions, mainly with certain characters. Dumpzilla application i...