In his most recent post, Guy asked "Are You a Hunter?". Here's one way to become one. Dave Hull has just published the Stafford release of his exemplary PowerShell DFIR tool, Kansa. For the uninitiated, Kansa is a modular incident response framework in PowerShell (PS v3 or higher preferred) that uses PowerShell Remoting to run user-contributed modules across hosts in an enterprise to collect data for use during incident response, breach hunts, or for building an environmental Per Dave's release notes for Stafford, Kansa.ps1 has several new command line parameters, including:
For more details you can read why Kansa's Stafford release is more capable, more forensically sound, and more flexible via Dave's TrustedSignal blog. From personal experience, in both workplace and lab environments, Kansa is well worth your time to review and adopt. Additional reference material follows: http://trustedsignal.blogspot.com/search/label/Kansa
Russ McRee 203 Posts ISC Handler Aug 17th 2015 |
Aug 17th 2015 6 years ago |
Another tool which is very useful to collect evidence remotely: MIG ("Mozilla InvestiGator")
(mig.mozilla.org/) |
Xme 687 Posts ISC Handler |
Aug 17th 2015 6 years ago |
very cool, learning this just got entered in a fairly high spot on my todo list. thanks!
TuggDougins 37 Posts |
Aug 18th 2015 6 years ago |