CrowdResponse – Forensics Data Collection Tool


Forensics is becoming more and more automated, and in some organizations several teams are involved in investigating, analyzing, and resolving an attack. Technology has changed the expected time of response from several hours to a requirement to detect an incident within a few minutes, or instantly. You can find teams working on detecting web intrusions, teams working on the network attack side, and other teams responsible for investigating operating-system-level incidents. If you are looking to analyze and evaluate OS-based intrusions, you can check CrowdResponse.

CrowdResponse is an automated tool that allows you to gather system information for incident response and security engagements. The tool runs on Windows-based operating systems or Mac OS X. Some of the information that can be collected with this utility is:

  • Directory listing including folders and subfolders.
  • Drivers listing.
  • Process handles listing.
  • List all processes.
  • Extract strings from the memory of running processes.
  • Extract registry key and value information.
  • Registry files.
  • YARA rule scans.

There is no installer for this tool. Simply unzip the contents of the downloaded ZIP file into a location of your choosing and launch it directly from there. Uninstalling is just as simple: delete the file(s) you extracted, either by moving them to the Recycle Bin or by permanently deleting them. A very small number of elements may remain in the Registry. These can be safely ignored, or manually deleted with a registry editing tool (e.g. regedit) by navigating to HKEY_LOCAL_MACHINE\Software\CrowdStrike or HKEY_CURRENT_USER\Software\CrowdStrike, noting the name of the tool there, and removing that branch.
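To verify the cleanup step above, here is an added PowerShell example (not from the original post and not CrowdStrike's own tooling): it enumerates both registry branches the post names, reports any subkeys still present, and deletes only the branch whose name matches the tool when -Remove is given, leaving any other subkeys under Software\CrowdStrike alone. The subkey name CrowdResponse and the -Remove switch are assumptions; checking the HKLM branch requires an elevated prompt.

```powershell
# Added example: report (and optionally remove) CrowdResponse residue left in
# the Registry after the extracted files have been deleted.
# Assumption: the tool registers a subkey named after itself (CrowdResponse)
# under Software\CrowdStrike, as the post describes.
param(
    [switch]$Remove   # report-only by default; delete only when explicitly asked
)

$toolName = 'CrowdResponse'          # assumed subkey name
$branches = @(
    'HKLM:\Software\CrowdStrike',   # machine-wide branch (needs elevation)
    'HKCU:\Software\CrowdStrike'    # per-user branch
)

$leftovers = @()
foreach ($branch in $branches) {
    if (-not (Test-Path -Path $branch)) {
        Write-Host "$branch : not present"
        continue
    }
    # Each subkey name under the branch is a tool name; list every one so the
    # operator sees what else shares the branch before deleting anything.
    foreach ($key in (Get-ChildItem -Path $branch -ErrorAction SilentlyContinue)) {
        $valueCount = ($key.GetValueNames()).Count
        Write-Host ("{0} : subkey '{1}' with {2} value(s)" -f $branch, $key.PSChildName, $valueCount)
        if ($key.PSChildName -ieq $toolName) { $leftovers += $key }
    }
}

if ($leftovers.Count -eq 0) {
    Write-Host "No '$toolName' branch remains under HKLM or HKCU."
    return
}

if ($Remove) {
    foreach ($key in $leftovers) {
        # Remove only this tool's branch; other subkeys are untouched.
        Remove-Item -Path $key.PSPath -Recurse -Force
        Write-Host "Removed $($key.PSPath)"
    }
}
else {
    Write-Host "Re-run with -Remove to delete the '$toolName' branch."
}
```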

You can read more and download this tool over here: https://www.crowdstrike.com/resources/community-tools/crowdresponse/
