IREC – IR Evidence Collector

0
0

Incident handling process can take different scenarios and among each case or attack you will be required to have a special tool to analyze and get answers to uncover related attack. An important way to get ready is to prepare VMs and programs with labs where you will test each of them and verify the functionality for your tools and programs. A free software you can use is IREC an IR Evidence Collector.

IREC is an all-in-one Evidence Collector which lets you collect critical evidence from a live system. some of the advantages are:

  • Complete. Collects RAM Image, $MFT as CSV, Event Logs, Hibernation Info, DNS Cache and much more,
  • Portable. No installation required,
  • Compatible. Supports all 32 and 64 bit Windows versions starting from XP,
  • User Friendly. Creates easy to share HTML and JSON reports,
  • Lightning Fast. It collects them all in a few minutes!
  • Scriptable. Supports YARA with IR oriented modules.
IREC – IR Evidence Collector

IREC – IR Evidence Collector

Latest release have the following improvement:

  • YARA support for Triage and IoC Scanning
  • syntax highlighting editor for Yara Rules
  • auto complete support for all Yara modules (version 3.8.1)
  • auto module import logic into rule editor
  • YARA rule tags to report (credits Halil ÖZTÜRKCİ)
  • support for old registry hives from Windows.old directory (credits Kaan GÜNDÜZ)
  • collection time counter to UI
  • support for enumerating multiple AV products (credits Mehmet GÖKSU)
  • support for Windows 10 VBS (credits Bekir KARUL)
  • process enumeration
  • driver enumeration
  • support for extraction of debug symbol information for system modules
  • settings menu for customizing evidence collectors
  • Improved handling for USN Journal files (credits Halil ÖZTÜRKCİ)
  • Improved user experience
  • Decreased IREC.exe file size

You can read more and download the latest release over here: https://binalyze.com/products/irec-free/

Share