Dissect - Digital Forensics, Incident Response Framework And Toolset That Allows You To Quickly Access And Analyse Forensic Artefacts From Various Disk And File Formats


News category: IT Security News
Source: kitploit.com


Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

This project is a meta package; it installs all other Dissect modules with the right combination of versions. For more information, please see the documentation.


What is Dissect?

Dissect is an incident response framework built from various parsers and implementations of file formats. Tying this all together, Dissect allows you to work with tools named target-query and target-shell to quickly gain access to forensic artefacts, such as Runkeys, Prefetch files, and Windows Event Logs, just to name a few!

Singular approach

And the best thing: all in a singular way, regardless of the underlying container (E01, VMDK, QCoW), filesystem (NTFS, ExtFS, FFS), or operating system (Windows, Linux, ESXi), in any combination. You no longer have to bother extracting files from your forensic container, mounting them (in the case of VMDKs and such), retrieving the MFT, and parsing it using a separate tool, to finally create a timeline to analyse. This is all handled under the hood by Dissect in a user-friendly manner.

If we take the example above, you can start analysing parsed MFT entries by just using a command like target-query -f mft <PATH_TO_YOUR_IMAGE>!
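The README stops at extracting MFT entries; the timeline step it mentions is left to the analyst. The script below is an added example (not Dissect's own code) of that step: it takes MFT records as exported with a command of the form `target-query -f mft <PATH_TO_YOUR_IMAGE> | rdump -J > mft.jsonl` (rdump's JSON-lines mode is assumed) and collapses them into one row per file and timestamp with a MACB flag string, sorted chronologically, plus a helper to pull out everything within a few minutes of a suspicious event. The record field names (ts, ts_type, path, filesize, inode, hostname) are assumptions about the exported layout, and the sample lines are constructed, so check them against your own rdump output before reusing the script.

```python
"""Build a MACB timeline from Dissect MFT records exported as JSON lines.

Added example, not part of the Dissect project. Assumed export command:
    target-query -f mft <PATH_TO_YOUR_IMAGE> | rdump -J > mft.jsonl
Field names below are assumptions about the record layout.
"""
import json
from datetime import datetime, timedelta, timezone

# Flag positions in the classic MACB notation: Modified, Accessed,
# Changed (MFT entry), Born (created).
MACB_ORDER = "MACB"

# Constructed sample: one JSON line per timestamp of an MFT entry.
# A real export has more fields; these are the ones the timeline needs.
SAMPLE_JSONL = r"""
{"ts": "2023-11-20T08:00:00+00:00", "ts_type": "B", "path": "C:\\Users\\bob\\report.docx", "filesize": 20480, "inode": 77, "hostname": "WS01"}
{"ts": "2023-12-01T09:00:00+00:00", "ts_type": "M", "path": "C:\\Users\\bob\\report.docx", "filesize": 20480, "inode": 77, "hostname": "WS01"}
{"ts": "2023-12-01T10:15:30+00:00", "ts_type": "M", "path": "C:\\Windows\\Temp\\a.exe", "filesize": 4096, "inode": 1234, "hostname": "WS01"}
{"ts": "2023-12-01T10:15:30+00:00", "ts_type": "C", "path": "C:\\Windows\\Temp\\a.exe", "filesize": 4096, "inode": 1234, "hostname": "WS01"}
{"ts": "2023-12-01T10:15:30+00:00", "ts_type": "B", "path": "C:\\Windows\\Temp\\a.exe", "filesize": 4096, "inode": 1234, "hostname": "WS01"}
{"ts": "2023-12-01T10:20:00+00:00", "ts_type": "A", "path": "C:\\Windows\\Temp\\a.exe", "filesize": 4096, "inode": 1234, "hostname": "WS01"}
"""


def parse_records(jsonl):
    """Parse JSON lines into dicts, turning the ts field into an aware datetime."""
    records = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["ts"])
        if ts.tzinfo is None:  # treat naive timestamps as UTC
            ts = ts.replace(tzinfo=timezone.utc)
        records.append({**rec, "ts": ts})
    return records


def build_timeline(records):
    """Collapse the per-timestamp records into one row per (ts, inode, path),
    each carrying a MACB string such as 'M.CB', sorted chronologically."""
    rows = {}
    for rec in records:
        key = (rec["ts"], rec.get("inode"), rec["path"])
        row = rows.setdefault(key, {
            "ts": rec["ts"],
            "inode": rec.get("inode"),
            "path": rec["path"],
            "filesize": rec.get("filesize"),
            "hostname": rec.get("hostname"),
            "flags": set(),
        })
        row["flags"].add(rec["ts_type"])

    timeline = []
    for row in sorted(rows.values(), key=lambda r: (r["ts"], r["path"])):
        row["macb"] = "".join(c if c in row["flags"] else "." for c in MACB_ORDER)
        del row["flags"]
        timeline.append(row)
    return timeline


def window(timeline, center, minutes=5):
    """Rows within +/- `minutes` of `center`: the usual pivot once one
    suspicious file has been found."""
    delta = timedelta(minutes=minutes)
    return [r for r in timeline if abs(r["ts"] - center) <= delta]


if __name__ == "__main__":
    tl = build_timeline(parse_records(SAMPLE_JSONL))
    for r in tl:
        print(f"{r['ts'].isoformat()} {r['macb']} {r['hostname']} "
              f"inode={r['inode']} size={r['filesize']} {r['path']}")
    # Pivot around the dropped executable's creation time.
    pivot = next(r for r in tl if r["path"].endswith("a.exe") and "B" in r["macb"])
    print("\nWithin 5 minutes of", pivot["ts"].isoformat())
    for r in window(tl, pivot["ts"]):
        print(" ", r["macb"], r["path"])
```

For a real case, replace SAMPLE_JSONL with the contents of mft.jsonl; rows whose MACB string reads "M.CB" at a single instant, as for a.exe above, are the file-drop pattern analysts typically pivot on, while a "born" time far earlier than "modified" usually means the file was copied with its original timestamps preserved.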

Create a lightweight container using Acquire

Dissect also provides you with a tool called acquire. You can deploy this tool on endpoint(s) to create a lightweight container of these machine(s). Conveniently, you can also deploy acquire on a hypervisor to quickly create lightweight containers of all the (running) virtual machines on it, all without having to worry about file locks. These lightweight containers can then be analysed using tools like target-query and target-shell, but feel free to use other tools as well.

A modular setup

Dissect is made with a modular approach in mind. This means that each individual project can be used on its own (or in combination) to create a completely new tool for your engagement or future use!

Try it out now!

Interested in trying it out for yourself? You can simply pip install dissect and start using the target-* tooling right away. Or you can use the interactive playground at https://try.dissect.tools to try Dissect in your browser.

Don't know where to start? Check out the introduction page.

Want to get a detailed overview? Check out the overview page.

Want to read everything? Check out the documentation.

Projects

Dissect currently consists of the following projects.

Related

These projects are closely related to Dissect, but not installed by this meta package.

Requirements

This project is part of the Dissect framework and requires Python.

Information on the supported Python versions can be found in the Getting Started section of the documentation.

Installation

dissect is available on PyPI.

pip install dissect

Build and test instructions

This project uses tox to build source and wheel distributions. Run the following command from the root folder to build these:

tox -e build

The build artifacts can be found in the dist/ directory.

tox is also used to run linting and unit tests in a self-contained environment. To run both linting and unit tests using the default installed Python version, run:

tox

For a more elaborate explanation on how to build and test the project, please see the documentation.


