
Sunday, September 1, 2019

Free / Community - Triage Analysis Tools - FireEye / Crowdstrike

Compromise Assessment / Triage Analysis Tools:

The two best free tools for triage analysis once a system is suspected of being compromised.


  • Redline - FireEye
  • CrowdResponse - CrowdStrike


Redline:
FireEye's premier free endpoint security tool. It gives the investigator host-level investigative capabilities to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.


With Redline, you can:
  • Thoroughly audit and collect all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history.
  • Analyze and view imported audit data, including the ability to filter results around a given timeframe using Redline’s Timeline functionality with the TimeWrinkle™ and TimeCrunch™ features.
  • Streamline memory analysis with a proven workflow for analyzing malware based on relative priority.
  • Perform Indicators of Compromise (IOC) analysis. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review.


Redline version 1.20.2 introduces support for large file and registry audits. Redline has also been improved to address issues related to efficiency and memory management.
  • Supported Operating Systems: Windows XP, Windows Vista, Windows 7, Windows 8 (32-bit and 64-bit), Windows 10
  • File Size: 76 MB
  • Integrity Hashes:
    • MD5: 2edb1d0e023f286ea5015cdf1382d642
    • SHA-1: e38fe8cc81dc5491d38b61db0fff165cdd3ed35d
Download Link:

https://www.fireeye.com/content/dam/fireeye-www/services/freeware/sdl-redline.zip

CrowdResponse:
Static host data collection tool.

There is no installer for this tool. Simply unzip the contents of the downloaded ZIP file into a location of your choosing and launch it directly from there. Uninstalling is just as simple: delete the file(s) you extracted, either by moving them to the Recycle Bin or by permanently deleting them. A very small number of elements may remain in the Registry.

These can be safely ignored or manually deleted by using a registry editing tool (e.g. regedit), navigating to HKEY_LOCAL_MACHINE\Software\CrowdStrike or HKEY_CURRENT_USER\Software\CrowdStrike, noting the name of the tool there, and removing that branch.

Hashes:

  • MD5 c94edf14e5e1b205813b949b7904b95e

  • SHA1 bf48a7c0e32fd8f67b11eebb69f836a60de2f9e1

  • SHA256 3b5f07d83af34f16f79f8cc1f77d6a0827d7dee57a4be8f667767ce325ac5d00

Download Link:

https://www.crowdstrike.com/wp-content/community-tools/CrowdResponse.zip
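Both downloads above publish integrity hashes, and a triage tool should be checked against them before it is copied onto a suspect host. The following is an added example, not code from the post or from either vendor: it keeps the hashes listed above in one table, compares a downloaded archive against every published digest, and treats an unknown algorithm name as a failure rather than skipping it. The file names used as table keys are taken from the download URLs above.

```python
import hashlib
from pathlib import Path

# Published integrity hashes copied from the post above (lowercase hex).
# Redline 1.20.2 lists only MD5 and SHA-1; CrowdResponse lists all three.
PUBLISHED = {
    "sdl-redline.zip": {
        "md5": "2edb1d0e023f286ea5015cdf1382d642",
        "sha1": "e38fe8cc81dc5491d38b61db0fff165cdd3ed35d",
    },
    "CrowdResponse.zip": {
        "md5": "c94edf14e5e1b205813b949b7904b95e",
        "sha1": "bf48a7c0e32fd8f67b11eebb69f836a60de2f9e1",
        "sha256": "3b5f07d83af34f16f79f8cc1f77d6a0827d7dee57a4be8f667767ce325ac5d00",
    },
}


def verify_bytes(data: bytes, expected: dict) -> dict:
    """Compare data against expected {algorithm: hex digest}.

    Returns {algorithm: (expected, actual)} for every mismatch; an empty
    dict means all published hashes matched. Digests are compared
    case-insensitively, and an algorithm hashlib does not support is
    reported as a mismatch rather than skipped, so a typo in the expected
    table can never make a bad download look good.
    """
    mismatches = {}
    for alg, want in expected.items():
        try:
            got = hashlib.new(alg, data).hexdigest()
        except ValueError:
            mismatches[alg] = (want, "<unsupported algorithm>")
            continue
        if got != want.strip().lower():
            mismatches[alg] = (want, got)
    return mismatches


def verify_download(path: str) -> dict:
    """Verify a downloaded archive against PUBLISHED, keyed by file name."""
    p = Path(path)
    return verify_bytes(p.read_bytes(), PUBLISHED[p.name])


if __name__ == "__main__":
    import sys
    for archive in sys.argv[1:]:
        bad = verify_download(archive)
        print(f"{archive}: {'OK' if not bad else 'MISMATCH ' + repr(bad)}")
```

Run it as `python verify.py sdl-redline.zip CrowdResponse.zip` from the download directory; any archive that prints MISMATCH should not be deployed.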