Difference between pages "Regimented Potential Incident Examination Report" and "LiveDiscover"

From ForensicsWiki
This diff view compares two unrelated tool pages; the content of each is reproduced separately below.

----
'''LiveDiscover™ Forensic Edition''' [http://www.wetstonetech.com/cgi-bin/shop.cgi?view,4]

Latest revision as of 14:10, 6 October 2009

LiveDiscover Forensic Edition (FE) is the premier tool for rapid full distributed network assessment and mapping, which is a critical first step in any digital investigation. Designed for forensic investigators, LiveDiscover FE rapidly scans a range of IP addresses and generates comprehensive forensic reports, including easy-to-view graphs, on each located device within the specified network. With the case management features, investigators can tailor reports and case details, making evidence court ready. Built-in customization allows for the creation of modified vulnerability scripts, making LiveDiscover FE field extensible.

'''Key Features:'''
* Live forensic network discovery
* Live forensic vulnerability assessment
* Automatic identification of operating systems, including Windows, Unix, Linux, Mac, VMS, Novell, and Sunsystems
* Remote detection of system status, including running services, attached devices, and open shares
* Forensic mapping of communication devices, printers, and more
* Detailed forensic report generation

'''System Recommendations:'''

Microsoft Windows® 2000, XP, Vista, 20 MB free disk space, 256 MB RAM, Pentium® III 1GHz processor

'''License:'''

Single user license; site licenses are available upon request

----
'''Contact Information:'''

1-877-WETSTONE ext. 2

www.wetstonetech.com [https://www.wetstonetech.com/index.html]

----
'''Regimented Potential Incident Examination Report'''

{{Expand}}
== Description ==
The Regimented Potential Incident Examination Report ('''RPIER''' or '''RAPIER''') is a script-based [[Incident Response|incident response]] tool released under the [[:Category:GPL|GPL]] by [[Intel]]. It is a modular framework.

RAPIER is a Windows NT-based information-gathering framework. It was designed to streamline the acquisition of information from systems in a large-scale enterprise network. It has a simple GUI, so that end users can be walked through running the tool on a system.

'''Contact:''' rapier.securitytool@gmail.com

== Features ==
* Modular design: all information is acquired through individual modules
* Fully configurable GUI
* SHA1 verification checksums
* Auto-update functionality
* Results can be auto-zipped
* Results can be auto-uploaded to a central repository
* Email notification when results are received
* Two default scan modes: Fast and Slow
* Separated output for faster analysis
* Pre/post run changes report
* Configuration file approach
* Process priority throttling

=== Information Acquired through RAPIER ===
* Complete list of running processes
* Locations of those processes on disk
* Ports those processes are using
* Checksums for all running processes
* Memory dump of all running processes
* All DLLs currently loaded and their checksums
* Last Modify/Access/Create times for designated areas
* All files that are currently open
* Net (start/share/user/file/session)
* Output from nbtstat and netstat
* All open shares/exports on the system
* Current routing tables
* List of all network connections
* Layer 3 traffic samples
* Logged-in users
* System startup commands
* MAC address
* List of installed services
* Local account and policy information
* Current patches installed on the system
* Current AV versions
* Files with alternate data streams
* Files marked as hidden
* List of all installed software on the system (as known to the registry)
* System logs
* AV logs
* Copies of application caches (temporary internet files): IE, FF, Opera
* Export of the entire registry
* Search/retrieve files based on search criteria

== See Also ==
[[List of Script Based Incident Response Tools]]

== External Links ==
* [http://code.google.com/p/rapier/ Official website]
* [http://groups.google.com/group/rapier-development?hl=en Google Discussion Group]
* [http://www.first.org/conference/2006/program/rapier_-_a_1st_responders_info_collection_tool.html Presentation at FIRST Conference 2006]

[[Category:Incident response tools]]
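As an added illustration of the script-based collection approach RAPIER describes (running processes with their on-disk locations and SHA1 checksums, netstat output, separated output files, and checksums over the results), here is a small PowerShell collection module. It is example code written for this page, not RAPIER's own code, and it assumes PowerShell 4.0 or later (for Get-FileHash) running with administrator rights so that other users' process images can be read; the output directory name and file names are this example's own choices.

```powershell
# Added example (not RAPIER's code): one collection "module" that gathers a few of
# the artefacts listed above and writes each to its own file, then records a SHA1
# manifest of the output so a reviewer can verify the evidence was not altered.
# Assumes PowerShell 4.0+ and an elevated session.
param(
    # Constructed default: a timestamped folder under %TEMP%
    [string]$OutDir = (Join-Path $env:TEMP ("collect-" + (Get-Date -Format 'yyyyMMdd-HHmmss')))
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Module 1: running processes, the image each was started from, and a SHA1 of that image.
# Protected or system processes may refuse access; they are still listed, with no path/hash.
$procs = foreach ($p in Get-Process) {
    $path = $null; $sha1 = $null
    try { $path = $p.Path } catch { }
    if ($path -and (Test-Path -LiteralPath $path)) {
        try { $sha1 = (Get-FileHash -LiteralPath $path -Algorithm SHA1).Hash } catch { }
    }
    [pscustomobject]@{ PID = $p.Id; Name = $p.ProcessName; Path = $path; SHA1 = $sha1 }
}
$procs | Export-Csv -LiteralPath (Join-Path $OutDir 'processes.csv') -NoTypeInformation

# Module 2: network state. netstat -ano includes the owning PID, which ties each
# port back to a row in processes.csv. stderr is kept in the file rather than hidden.
netstat -ano 2>&1 | Out-File -LiteralPath (Join-Path $OutDir 'netstat.txt') -Encoding utf8

# Module 3: currently logged-in users (query user is absent on some client editions;
# if so, the error message itself is what gets recorded).
query user 2>&1 | Out-File -LiteralPath (Join-Path $OutDir 'logged_in_users.txt') -Encoding utf8

# Manifest: SHA1 of every output file. The file list is captured first so the
# manifest does not enumerate itself while being written.
$files = Get-ChildItem -LiteralPath $OutDir -File
$files | ForEach-Object {
    '{0}  {1}' -f (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA1).Hash, $_.Name
} | Set-Content -LiteralPath (Join-Path $OutDir 'manifest.sha1') -Encoding ascii

Write-Output "Collection written to $OutDir ($($files.Count) files)"
```

Each artefact goes to its own file, which is the "separated output" idea from the feature list; the manifest plays the role of the SHA1 verification checksums, and can be recomputed on the analysis workstation (for example with Get-FileHash again) after the results have been zipped and uploaded.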