Difference between revisions of "Regimented Potential Incident Examination Report"
From ForensicsWiki
m (Fixed GPL Link)
Joachim Metz (Talk | contribs)
(8 intermediate revisions by 3 users not shown)
Line 1: | Line 1: | ||
{{Expand}} | {{Expand}} | ||
+ | {{Infobox_Software | | ||
+ | name = RAPIER | | ||
+ | maintainer = Rapier project | | ||
+ | os = {{Windows}} | | ||
+ | genre = {{Incident response}} | | ||
+ | license = {{LGPL}} | | ||
+ | website = [https://code.google.com/p/rapier/ code.google.com/p/rapier/] | | ||
+ | }} | ||
+ | |||
+ | == Description == | ||
The Regimented Potential Incident Examination Report ('''RPIER''' or '''RAPIER''') is script based [[Incident Response|incident response]] tool released under the [[:Category:GPL|GPL]] by [[Intel]]. It is a modular framework. | The Regimented Potential Incident Examination Report ('''RPIER''' or '''RAPIER''') is script based [[Incident Response|incident response]] tool released under the [[:Category:GPL|GPL]] by [[Intel]]. It is a modular framework. | ||
+ | |||
+ | RAPIER is a [[Windows]] NT based information gathering framework. It was designed to streamline the acquisition of information off of systems in a large scale enterprise network. It was designed with a pretty simple to use GUI so that end-users could be walked through execution of the tool on a system. | ||
+ | |||
+ | Contact: rapier.securitytool@gmail.com | ||
+ | |||
+ | == Features == | ||
+ | |||
+ | * Modular Design - all information acquired is through individual modules | ||
+ | * Fully configurable GUI | ||
+ | * [[SHA1]] verification checksums | ||
+ | * Auto-update functionality | ||
+ | * Results can be auto-zipped | ||
+ | * Auto-uploaded to central repository | ||
+ | * Email Notification when results are received | ||
+ | * 2 Default Scan Modes – Fast/Slow | ||
+ | * Separated output for faster analysis | ||
+ | * Pre/Post run changes report | ||
+ | * Configuration File approach | ||
+ | * Process priority throttling | ||
+ | |||
+ | === Information Acquired through RAPIER === | ||
+ | |||
+ | * Complete list of running processes | ||
+ | * Locations of those processes on disk | ||
+ | * Ports those processes are using | ||
+ | * Checksums for all running processes | ||
+ | * Memory dumps for all running processes | ||
+ | * All DLLS currently loaded and their checksum | ||
+ | * Last Modify/Access/Create times ([[MAC times]]) for designated areas | ||
+ | * All files that are currently open | ||
+ | * Net (start/share/user/file/session) | ||
+ | * Output from nbtstat and [[netstat]] | ||
+ | * All open shares/exports on system | ||
+ | * Current routing tables | ||
+ | * List of all network connections | ||
+ | * Layer3 traffic samples | ||
+ | * Logged in users | ||
+ | * System Startup Commands | ||
+ | * [[MAC address]] | ||
+ | * List of installed services | ||
+ | * Local account and policy information | ||
+ | * Current patches installed on system | ||
+ | * Current AV versions | ||
+ | * Files with alternate data streams (ADS) | ||
+ | * Files marked as hidden | ||
+ | * List of all installed software on system (known to registry) | ||
+ | * System logs | ||
+ | * AV logs | ||
+ | * Copies of application caches (temporary internet files) – [[Internet Explorer|IE]], [[Mozilla Firefox|FF]], [[Opera]] | ||
+ | * Export entire registry | ||
+ | * Search/retrieve files based on search criteria. | ||
== See Also == | == See Also == | ||
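Review bot: the infobox added at the top of this hunk sets license = LGPL, while the description line kept in the same hunk still says the tool was "released under the [[:Category:GPL|GPL]]", so the page now states two different licenses; one of the two should be corrected so the infobox and the prose agree. Two smaller wording points in the added text: "is script based [[Incident Response|incident response]] tool" is missing an article ("is a script-based ... tool"), and "All DLLS currently loaded" should read "DLLs".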
Line 9: | Line 70: | ||
== External Links == | == External Links == | ||
− | * [http:// | + | * [http://code.google.com/p/rapier/ Official website] |
+ | * [http://groups.google.com/group/rapier-development?hl=en Google Discussion Group] | ||
* [http://www.first.org/conference/2006/program/rapier_-_a_1st_responders_info_collection_tool.html Presentation at FIRST Conference 2006] | * [http://www.first.org/conference/2006/program/rapier_-_a_1st_responders_info_collection_tool.html Presentation at FIRST Conference 2006] |
Latest revision as of 09:52, 18 January 2014
| RAPIER | |
|---|---|
| Maintainer: | Rapier project |
| OS: | Windows |
| Genre: | Incident Response |
| License: | LGPL |
| Website: | code.google.com/p/rapier/ |
Description
The Regimented Potential Incident Examination Report (RPIER or RAPIER) is a script-based incident response tool released under the GPL by Intel. It is a modular framework.
RAPIER is a Windows NT based information gathering framework. It was designed to streamline the acquisition of information from systems in a large-scale enterprise network, and it ships with a simple GUI so that end users can be walked through running the tool on a system.
Contact: rapier.securitytool@gmail.com
Features
- Modular design: all information is acquired through individual modules
- Fully configurable GUI
- SHA1 verification checksums
- Auto-update functionality
- Results can be auto-zipped
- Auto-uploaded to central repository
- Email Notification when results are received
- 2 Default Scan Modes – Fast/Slow
- Separated output for faster analysis
- Pre/Post run changes report
- Configuration File approach
- Process priority throttling
Information Acquired through RAPIER
- Complete list of running processes
- Locations of those processes on disk
- Ports those processes are using
- Checksums for all running processes
- Memory dumps for all running processes
- All DLLs currently loaded and their checksums
- Last Modify/Access/Create times (MAC times) for designated areas
- All files that are currently open
- Output of net start/share/user/file/session
- Output from nbtstat and netstat
- All open shares/exports on system
- Current routing tables
- List of all network connections
- Layer3 traffic samples
- Logged in users
- System Startup Commands
- MAC address
- List of installed services
- Local account and policy information
- Current patches installed on system
- Current AV versions
- Files with alternate data streams (ADS)
- Files marked as hidden
- List of all installed software on system (known to registry)
- System logs
- AV logs
- Copies of application caches (temporary internet files) – IE, FF, Opera
- Export entire registry
- Search/retrieve files based on search criteria
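The following PowerShell script is an added illustration of a few items in the two lists above (running processes and their on-disk locations, SHA1 checksums for processes and loaded DLLs, a pre/post run changes report, priority throttling, and checksums over the collected output); it is not RAPIER's own code, and the output directory under `$env:TEMP` and the file names are assumptions.

```powershell
# Added illustration, not RAPIER's own code: snapshot running processes and
# their loaded DLLs with SHA1 checksums, then diff a pre-run and post-run
# snapshot into a changes report, as the feature list above describes.
[System.Diagnostics.Process]::GetCurrentProcess().PriorityClass = 'BelowNormal'  # priority throttling

function Get-FileSha1 {
    param([string]$Path)
    if (-not $Path) { return $null }
    $h = Get-FileHash -Algorithm SHA1 -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($h) { $h.Hash } else { $null }
}

function Get-ProcessSnapshot {
    $rows = foreach ($p in Get-Process) {
        if (-not $p.Path) { continue }   # protected/system processes expose no image path
        [pscustomobject]@{ Kind='Process'; Pid=$p.Id; Name=$p.ProcessName; Path=$p.Path; SHA1=(Get-FileSha1 $p.Path) }
        try { $mods = $p.Modules } catch { $mods = @() }   # access denied or 32/64-bit mismatch
        foreach ($m in $mods) {
            [pscustomobject]@{ Kind='DLL'; Pid=$p.Id; Name=$m.ModuleName; Path=$m.FileName; SHA1=(Get-FileSha1 $m.FileName) }
        }
    }
    $rows | Sort-Object Kind, Path, Pid
}

function Compare-Snapshot {
    param([Parameter(Mandatory)]$Before, [Parameter(Mandatory)]$After)
    # A row is "changed" when its process/DLL path or its SHA1 differs between snapshots
    Compare-Object $Before $After -Property Kind, Pid, Path, SHA1 | ForEach-Object {
        $change = if ($_.SideIndicator -eq '=>') { 'Appeared' } else { 'Disappeared' }
        [pscustomobject]@{ Change=$change; Kind=$_.Kind; Pid=$_.Pid; Path=$_.Path; SHA1=$_.SHA1 }
    }
}

$out = Join-Path $env:TEMP 'triage-example'   # assumed output location
New-Item -ItemType Directory -Force -Path $out | Out-Null

$pre = Get-ProcessSnapshot
$pre | Export-Csv -NoTypeInformation -Path (Join-Path $out 'processes-pre.csv')
# ... the other acquisition modules (netstat, logs, MAC times, ...) would run here ...
$post = Get-ProcessSnapshot
$post | Export-Csv -NoTypeInformation -Path (Join-Path $out 'processes-post.csv')
Compare-Snapshot -Before $pre -After $post |
    Export-Csv -NoTypeInformation -Path (Join-Path $out 'changes-report.csv')

# Checksum the collected files themselves so the results can be verified after transfer
$sums = Get-ChildItem -LiteralPath $out -Filter *.csv | Get-FileHash -Algorithm SHA1 | Select-Object Hash, Path
$sums | Export-Csv -NoTypeInformation -Path (Join-Path $out 'sha1sums.txt')
```

Run it from an elevated prompt; without administrator rights many processes are skipped because their image path and module list are not readable.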
See Also
List of Script Based Incident Response Tools