Skadi: Collect, Process, and Hunt with host-based data from macOS, Windows, and Linux
Skadi
Skadi is a free, open-source collection of tools that enable the collection, processing and advanced analysis of forensic artifacts and images. It scales from laptops and desktops to servers and the cloud, and can be installed on top of hardened / gold disk images.
Included Tools
The tools are combined into one platform in which they all work together to collect data, convert the raw bits and bytes into words and numbers, and analyze the results quickly and easily. This makes it possible to hunt for host-based evidence of malicious activity rapidly and accurately.
- CDQR
- CyberChef
- CyLR
- Docker
- Elasticsearch
- Glances
- Grafana
- Portainer
- Kibana
- Yeti
- Plaso
- Timesketch
Videos and Media
- Alamo ISSA 2018 Slides: Reviews the CCF-VM components, walks through installing the GCP version, and discusses automation possibilities and risks
- SANS DFIR Summit 2017 Video: A talk about using CCF-VM for Digital Forensics and Incident Response (DFIR)
- ISC2 Security Congress 2017 Slides: Another talk about using CCF-VM for Digital Forensics and Incident Response (DFIR)
- OSDFCON 2017 Slides: Walks through the different techniques required to produce forensic results for Windows and *nix environments (including CyLR and CDQR)
Download & Usage
Skadi (formerly known as CyLR CDQR Forensics Virtual Machine (CCF-VM)) Copyright (C) 2018 Alan Orlikoski
Source: https://github.com/orlikoski/