Hi all, Happy new year!

Not directly a forensic question, but still within the DFIR bracket.

What's everyone's experience with free/open-source Incident Response tools?
I've recently been playing with Kansa PowerShell, Velociraptor and Cyber Triage for data collection and triaging, but wanted to see what other tools people use.

Any other recommended tools or techniques?
We used CyLR until recently and switched to Velociraptor a few months ago. Not in a client-server architecture, but we built several editions (quick / normal / full [with memory dump]) and give them to our customers. Once Velociraptor has finished, these customers upload the resulting zip file to our SFTP server.

Velociraptor is free, well maintained, full of features, and Michael Cohen does a damn good job of supporting his tool. A loud and clear recommendation and two fistfuls of Kudos!
regards,
Robin
I use PowerShell as it's easy to deploy via EDR tools and/or pass to a sysadmin to run. I have written several scripts which do similar things to those you've already mentioned, and they typically collect specific things I know will give me fast-time answers. There are soooo many now on GitHub, but I wanted to only use a limited number of programs already built into Windows and limit my footprint, which is why I opted for writing my own. I suggest having a go at writing your own and tailoring them to your requirements!
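As an added example, not taken from this thread or from any of the tools named in it, here is a small PowerShell collector in the spirit of the post above: a fixed list of artifacts, only cmdlets and binaries already present on a Windows box, and a SHA-256 manifest written before zipping so the analyst receiving the upload can check integrity. It assumes Windows 10 / PowerShell 5.1, an elevated session, and the output path C:\Triage (all assumptions).

```powershell
# Added example (not from the thread): minimal triage collector using only
# built-in PowerShell cmdlets and wevtutil, to keep the footprint small.
# Assumptions: Windows 10+, PowerShell 5.1, run as administrator, output root
# C:\Triage (change to suit).
param(
    [string]$OutRoot = "C:\Triage"
)

$hostName = $env:COMPUTERNAME
$stamp    = (Get-Date).ToUniversalTime().ToString("yyyyMMdd_HHmmssZ")
$out      = Join-Path $OutRoot "${hostName}_$stamp"
New-Item -ItemType Directory -Path $out -Force | Out-Null

# Each collector maps an output file to a scriptblock; all cmdlets ship with Windows.
$collectors = [ordered]@{
    "processes.csv"   = { Get-CimInstance Win32_Process |
                          Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine, CreationDate }
    "netconns.csv"    = { Get-NetTCPConnection |
                          Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess }
    "services.csv"    = { Get-CimInstance Win32_Service |
                          Select-Object Name, State, StartMode, PathName, StartName }
    "schedtasks.csv"  = { Get-ScheduledTask | Select-Object TaskName, TaskPath, State,
                          @{ n = "Actions"; e = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join "; " } } }
    "run_keys.csv"    = { "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run",
                          "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" | ForEach-Object {
                              $key = $_
                              (Get-ItemProperty $key -ErrorAction SilentlyContinue).PSObject.Properties |
                                  Where-Object { $_.Name -notmatch '^PS' } |   # drop provider metadata
                                  Select-Object @{ n = "Key"; e = { $key } }, Name, Value } }
    "local_users.csv" = { Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet }
}

$errLog = Join-Path $out "errors.txt"
foreach ($name in $collectors.Keys) {
    try {
        & $collectors[$name] | Export-Csv -Path (Join-Path $out $name) -NoTypeInformation -Encoding UTF8
    } catch {
        "$name : $($_.Exception.Message)" | Out-File $errLog -Append   # keep going; note what failed
    }
}

# Export the Security event log as .evtx with the built-in wevtutil.
wevtutil epl Security (Join-Path $out "Security.evtx") 2>> $errLog

# Hash every collected file so the recipient can verify nothing changed in transit,
# then zip the directory for upload (e.g. to the SFTP drop Robin describes).
Get-ChildItem $out -File | Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv (Join-Path $out "manifest_sha256.csv") -NoTypeInformation
Compress-Archive -Path $out -DestinationPath "$out.zip" -Force
```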