FACT - A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines Running In The Cloud Or On-Premise

FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or on-premise. Deployment For a basic single-node deployment, we recommend using Docker and Docker Compose. First, read docker-compose.yaml for configuration and requirements. Then, start...

Court Ruling on Forensic Data Breach Reporting Flying Under the Radar

One thing that may have flown under the radar in recent weeks is that a court has ruled that Capital One must allow plaintiffs to review a cybersecurity firm’s forensic report related to the bank’s 2019 data breach despite the bank’s protests that it is a protected legal document. You can read mo...

IR & Forensics in the Cloud

More and more organisations are moving their business to the cloud. This makes securing data and being able to respond effectively to incidents in cloud environments an important topic. Having the skills on hand to properly collect digital forensics data in response to a legal dispute or during a...

Contain Attacks in Real Time with Live Response in Cb Defense

Endpoint security is broken. Yes, you’ve heard it before - traditional, signature-based antivirus AV can’t keep up with the volume of new malware and advanced attack methods being developed by cyber criminals every day. And that’s absolutely true. But a report published last year highlights an ev...

Cb Defense October 2017 Release Speeds Up Your Response

During a response scenario, every minute counts. The faster you can complete your investigation, the faster you can start taking corrective action. That’s why this week we’re happy to announce the October 2017 update of Cb Defense, which improves search functionality within the Cb Defense console...

ir-rescue - A Windows Batch Script To Comprehensively Collect Host Forensic Data

ir-rescue is a lightweight Windows Batch script that collects a myriad of forensic data from 32-bit and 64-bit Windows systems while respecting the order of volatility and artifacts that are changed with the execution of the script e.g. , prefetch files. It is intended for incident response use a...

Windows Forensic Data Collection: IR-rescue

Windows Forensic Data Collection ir-rescue is a Windows Batch script that collects a myriad of forensic data from 32-bit and 64-bit Windows systems while respecting the order of volatility. It is intended for incident response use at different stages in the analysis and investigation process. It...

PowerShell Incident Response: Psrecon

Psrecon is an open source script that you can use to gather data from a remote Windows host using PowerShell v2 or later, organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushe...

Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities

Exploit for php platform in category web applications 0 ======== Introduction / Background / Impact ======== In computer forensics http://en.wikipedia.org/wiki/Computerforensics one essential requirement is that evidence data does not get modified at all or not unnoticed, at least. Therefore IT...

DHS To Critical Infrastructure Owners: Hold On To Data After Cyber Attack

The Department of Homeland Security Is Offering Organizations That Use Industrial Control Systems advice or mitigating the effects of cyber attacks. Among the agency’s recommendations: hold on to data from infected systems and prevent enemies from moving within your organization. DHS’s Industrial...