# FastIR Collector
## Concepts
This tool collects different artefacts on a live Windows system and records the results in CSV files. Analysing these artefacts allows an early compromise to be detected.
## Requirements
- pywin32
- python WMI
- python psutil
- python yaml
- construct
- distorm3
- hexdump
- pytz
## Execution
- ./fastIR_x64.py -h for help
- ./fastIR_x64.py --packages all to extract all artefacts except those of the dump package
- ./fastIR_x64.py --packages dump --dump mft to extract the MFT
- ./fastIR_x64.py --packages all --output_dir your_output_dir to set the output directory (by default the current directory)
- ./fastIR_x64.py --profile your_profile_file to use your own extraction profile
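For a responder scripting the invocations above, here is an added example (not FastIR's own code) that builds the command line from the README's flags, runs the collector into a per-host, timestamped directory and writes a SHA-256 manifest of the resulting CSVs so the collected evidence can later be checked for tampering. The script name fastIR_x64.py and the flag spellings come from the README; the manifest format, directory layout and the constructed demo tree are this example's own assumptions.

```python
# Added example, not FastIR project code: drive a collection with the README's
# flags and record SHA-256 digests of the CSVs it writes for later verification.
import hashlib
import subprocess
import sys
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def build_command(packages, output_dir, dump=None, profile=None,
                  script="fastIR_x64.py"):
    """Assemble the command line from the options listed in the README."""
    cmd = [sys.executable, script, "--packages", packages,
           "--output_dir", str(output_dir)]
    if dump:       # the dump package also needs --dump (e.g. mft)
        cmd += ["--dump", dump]
    if profile:    # optional custom extraction profile
        cmd += ["--profile", str(profile)]
    return cmd

def hash_results(output_dir):
    """Return {relative csv path: sha256 hex} for every CSV under output_dir."""
    root = Path(output_dir)
    return {csv.relative_to(root).as_posix(): hashlib.sha256(
        csv.read_bytes()).hexdigest() for csv in sorted(root.rglob("*.csv"))}

def write_manifest(output_dir, manifest):
    """Write sha256sum-compatible 'digest  path' lines beside the CSVs."""
    path = Path(output_dir) / "MANIFEST.sha256"
    path.write_text("".join(f"{d}  {p}\n" for p, d in manifest.items()))
    return path

def collect(packages, base_dir, hostname, **options):
    """Run one collection into base_dir/<host>_<UTC stamp>, then hash it."""
    out = Path(base_dir) / f"{hostname}_{datetime.now(timezone.utc):%Y%m%dT%H%M%SZ}"
    out.mkdir(parents=True, exist_ok=True)
    subprocess.run(build_command(packages, out, **options), check=True)
    manifest = hash_results(out)
    write_manifest(out, manifest)
    return out, manifest

def demo_manifest():
    """Constructed output tree (no collector run) showing the hashing step."""
    root = Path(tempfile.mkdtemp())
    for rel, data in [("health/processes.csv", b"abc"), ("fs/prefetch.csv", b""),
                      ("notes.txt", b"not a csv")]:   # only CSVs get hashed
        (root / rel).parent.mkdir(exist_ok=True)
        (root / rel).write_bytes(data)
    return hash_results(root)
```

A real run is `collect("all", "evidence", "HOST01")` or `collect("dump", "evidence", "HOST01", dump="mft")`; verify later with `sha256sum -c MANIFEST.sha256` inside the output directory.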
## Packages
Packages and the artefacts each one collects:
* fs
  * IE History
  * Named Pipes
  * Prefetch
  * Recycle-bin
* health
  * ARP Table
  * Drives list
  * Network drives
  * Network cards
  * Processes
  * Routing tables
  * Tasks
  * Scheduled jobs
  * Services
  * Sessions
  * Network Shares
  * Sockets
* registry
  * Installer Folders
  * OpenSaveMRU
  * Recent Docs
  * Services
  * Shellbags
  * Autoruns
  * USB History
  * Userassists
* memory
  * Clipboard
  * DLLs loaded
  * Opened Files
* dump
  * MFT (parsed with analyzeMFT: https://github.com/dkovar/analyzeMFT)
  * MBR
  * RAM
  * DISK
* FileCatcher
  * based on MIME type
  * possibility to filter your search
  * Yara rules
The full documentation can be downloaded here: https://github.com/SekoiaLab/Fastir_Collector/blob/master/documentation/FastIR_Documentation.pdf
A post about FastIR Collector and advanced threats can be consulted here: http://www.sekoia.fr/blog/fastir-collector-on-advanced-threats
together with the paper: http://www.sekoia.fr/blog/wp-content/uploads/2015/10/FastIR-Collector-on-advanced-threats_v1.4.pdf