Difference between pages "Ssdeep" and "Regimented Potential Incident Examination Report"
From Forensics Wiki
External Links
- Official website: http://code.google.com/p/rapier/
- Google Discussion Group: http://groups.google.com/group/rapier-development?hl=en
- Presentation at FIRST Conference 2006: http://www.first.org/conference/2006/program/rapier_-_a_1st_responders_info_collection_tool.html
Category: Incident response tools
Revision as of 18:27, 6 May 2007
Description
The Regimented Potential Incident Examination Report (RPIER or RAPIER) is a script-based incident response tool released under the GPL by Intel. It is a modular framework.
RAPIER is a Windows NT-based information gathering framework. It was designed to streamline the acquisition of information from systems in a large-scale enterprise network, with a simple GUI so that end-users can be walked through running the tool on a system.
Contact: rapier.securitytool@gmail.com
Features
- Modular design: all information is acquired through individual modules
- Fully configurable GUI
- SHA1 verification checksums
- Auto-update functionality
- Results can be auto-zipped
- Results can be auto-uploaded to a central repository
- Email notification when results are received
- 2 default scan modes: fast and slow
- Separated output for faster analysis
- Pre/post run changes report
- Configuration file approach
- Process priority throttling
Information Acquired through RAPIER
- Complete list of running processes
- Locations of those processes on disk
- Ports those processes are using
- Checksums for all running processes
- Memory dump of all running processes
- All DLLs currently loaded and their checksums
- Last Modify/Access/Create times for designated areas
- All files that are currently open
- Net (start/share/user/file/session)
- Output from nbtstat and netstat
- All open shares/exports on the system
- Current routing tables
- List of all network connections
- Layer 3 traffic samples
- Logged-in users
- System startup commands
- MAC address
- List of installed services
- Local account and policy information
- Current patches installed on the system
- Current AV versions
- Files with alternate data streams
- Files marked as hidden
- List of all installed software on the system (known to the registry)
- System logs
- AV logs
- Copies of application caches (temporary internet files) – IE, FF, Opera
- Export of the entire registry
- Search/retrieve files based on search criteria
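The first four items above (running processes, their locations on disk, their ports and their checksums) together with the SHA1 verification checksums and separated output from the feature list, as an added PowerShell example that is not RAPIER's own code: one collection module writing per-process rows and a checksum manifest. The output directory, file names, and the use of Get-CimInstance and Get-NetTCPConnection are my assumptions; RAPIER itself predates these cmdlets.

```powershell
# Added example (not RAPIER's code): a single process-inventory "module".
# Assumes PowerShell 5.1+ on Windows 8 / Server 2012 or later (Get-NetTCPConnection)
# and an elevated session so that every process path and command line resolves.
param([string]$OutDir = (Join-Path $env:TEMP ("triage_" + (Get-Date -Format 'yyyyMMdd_HHmmss'))))
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Map PID -> TCP ports/states so each process row carries the ports it is using.
$portsByPid = @{}
Get-NetTCPConnection -ErrorAction SilentlyContinue | ForEach-Object {
    $portsByPid[$_.OwningProcess] += @("$($_.LocalPort)/$($_.State)")
}

# Win32_Process exposes ExecutablePath and CommandLine even where Get-Process .Path is empty.
$rows = Get-CimInstance Win32_Process | ForEach-Object {
    $path = $_.ExecutablePath
    $sha1 = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        # SHA1 mirrors the tool's checksum choice; add SHA256 when matching against modern feeds.
        $sha1 = (Get-FileHash -LiteralPath $path -Algorithm SHA1).Hash
    }
    [pscustomobject]@{
        PID         = $_.ProcessId
        ParentPID   = $_.ParentProcessId
        Name        = $_.Name
        Path        = $path
        SHA1        = $sha1
        Ports       = ($portsByPid[[uint32]$_.ProcessId] -join ';')
        CommandLine = $_.CommandLine
    }
}

# Separated output: all rows in one file, and the rows with no resolvable image
# (kernel/protected processes, or binaries deleted after launch) in a second file
# so an analyst can review those first.
$rows | Export-Csv -NoTypeInformation -Path (Join-Path $OutDir 'processes.csv')
$rows | Where-Object { -not $_.SHA1 } |
    Export-Csv -NoTypeInformation -Path (Join-Path $OutDir 'processes_unhashed.csv')

# Manifest with the SHA1 of every output file, computed before the manifest itself
# exists, so the bundle can be verified after zipping and upload.
$manifest = Get-ChildItem -Path $OutDir -File | ForEach-Object {
    '{0}  {1}' -f (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA1).Hash, $_.Name
}
$manifest | Set-Content -Path (Join-Path $OutDir 'MANIFEST.sha1')
Write-Host "Wrote $($rows.Count) process rows to $OutDir"
```

Verify a received bundle by recomputing Get-FileHash over each file named in MANIFEST.sha1 and comparing the hashes before analysis.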
See Also
List of Script Based Incident Response Tools