Skadi v2019.3 releases: Collect, Process, and Hunt with host-based data from MacOS, Windows, and Linux

Skadi is a free, open-source collection of tools that enable the collection, processing and advanced analysis of forensic artifacts and images. It scales to work effectively on laptops, desktops, servers and the cloud, and can be installed on top of hardened / gold disk images.

Included Tools

The following tools are combined into one platform in which they all work together, giving everyone the ability to collect data, convert the bits and bytes into words and numbers, and analyze the results quickly and easily. All of this enables rapid hunting for host-based evidence of malicious activity.

  • Plaso
  • CDQR
  • CyLR
  • Docker
  • ElasticSearch, Logstash, Kibana (ELK)
  • Redis
  • Neo4j
  • Celery
  • Cerebro

Videos and Media

  • Alamo ISSA 2018 Slides: Reviews the CCF-VM components, walks through how to install the GCP version and discusses automation possibilities and risks
  • SANS DFIR Summit 2017 Video: A talk about using CCF-VM for Digital Forensics and Incident Response (DFIR)
  • ISC2 Security Congress 2017 Slides: Another talk about using CCF-VM for Digital Forensics and Incident Response (DFIR)
  • DEFCON 25 4-hour Workshop 2017 Slides: Free and Easy DFIR Triage for Everyone
  • OSDFCON 2017 Slides: Walks through the different techniques required to produce forensic results for Windows and *nix environments (including CyLR and CDQR)

Changelog v2019.3

System Changes

  • Added Yeti Threat Intelligence Open Source Project: https://github.com/yeti-platform/yeti
  • Updated Skadi Portal Start Page
    • Added Yeti (Threat Intelligence) link to portal
  • Updated Docker Stack
  • Modified Firewall and Nginx Reverse proxy configuration
    • Added Yeti configuration
  • Updated Digitally Signed Installer
    • Now includes installing Yeti
    • Small tweaks to Packer build

Kibana, TimeSketch, Cerebro Included

11 New Kibana Dashboards

TimeSketch

Skadi (formerly known as CyLR CDQR Forensics Virtual Machine (CCF-VM)) Copyright (C) 2018 Alan Orlikoski

Source: https://github.com/orlikoski/
