
FastIR Collector


We changed our approach to live forensics acquisition, which means FastIR Collector is no longer maintained. We recommend using our new FastIR Artifacts collector instead.

Concepts: This tool collects various artefacts from a live Windows system and records the results in CSV or JSON files. Analysing these artefacts can reveal a compromise at an early stage.

Downloads: Binaries can be found on the release page of this project.

Requirements: pywin32, python WMI, python psutil, python yaml, construct, distorm3, hexdump, pytz. Alternatively, a pip freeze output is available in reqs.pip.

Compiling: To compile FastIR you will need pyinstaller. Run pyinstaller pyinstaller.spec from the project root directory; by default the binary is written to /dist. Important: on x64 systems, check that your local Python installation is also x64, otherwise the resulting binary will not match the target.

Execution:
./fastIR_x64.exe -h                                              show help
./fastIR_x64.exe --packages fast                                 extract all artefacts except the dump and FileCatcher packages
./fastIR_x64.exe --packages dump --dump mft                      extract the MFT
./fastIR_x64.exe --packages all --output_dir your_output_dir     set the output directory (default ./output/)
./fastIR_x64.exe --profile your_file_profile                     specify a profile
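The commands above show the collector's flags in isolation. The following PowerShell wrapper is an added example, not part of the FastIR Collector project: it runs the collector with the --packages and --output_dir flags documented above into a per-host, timestamped evidence directory, records who ran it and the hash of the binary that was run, and writes a SHA-256 manifest of every output file so the CSV/JSON artefacts can be shown to be unmodified when they are analysed later. It assumes fastIR_x64.exe sits next to the script (ideally on read-only or external media), a 64-bit Windows host, and an elevated shell; the parameter names and the evidence directory layout are this example's own choices.

```powershell
# Added example (not the FastIR Collector project's own code): acquisition wrapper
# that runs fastIR_x64.exe and produces a hash manifest of the collected artefacts.
# Assumptions: the collector binary is beside this script, Windows x64, elevated shell.
param(
    [string]$Collector    = (Join-Path $PSScriptRoot 'fastIR_x64.exe'),
    [string]$Packages     = 'fast',   # 'fast' skips the dump and FileCatcher packages
    [string]$EvidenceRoot = (Join-Path $PSScriptRoot 'evidence')
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path $Collector)) { throw "Collector not found: $Collector" }

# One output directory per host and run, so repeated acquisitions never overwrite each other.
$stamp  = (Get-Date).ToUniversalTime().ToString('yyyyMMddTHHmmssZ')
$outDir = Join-Path $EvidenceRoot "$env:COMPUTERNAME-$stamp"
New-Item -ItemType Directory -Path $outDir | Out-Null

# Record the acquisition context, including the hash of the binary that is about to run,
# before the collector touches the host.
@{
    host      = $env:COMPUTERNAME
    user      = "$env:USERDOMAIN\$env:USERNAME"
    startUtc  = $stamp
    collector = (Get-FileHash -Algorithm SHA256 -Path $Collector).Hash
    packages  = $Packages
} | ConvertTo-Json | Set-Content -Path (Join-Path $outDir 'acquisition.json')

# Run the collector with the flags documented above; --output_dir overrides ./output/.
& $Collector --packages $Packages --output_dir $outDir
if ($LASTEXITCODE -ne 0) { Write-Warning "fastIR exited with code $LASTEXITCODE" }

# Hash every produced file (CSV/JSON and anything else the packages wrote) so later
# analysis can verify that the artefacts were not altered after collection.
Get-ChildItem -Path $outDir -Recurse -File |
    Where-Object { $_.Name -ne 'SHA256SUMS.txt' } |
    ForEach-Object {
        $h = Get-FileHash -Algorithm SHA256 -Path $_.FullName
        '{0}  {1}' -f $h.Hash, $_.FullName.Substring($outDir.Length + 1)
    } | Set-Content -Path (Join-Path $outDir 'SHA256SUMS.txt')

Write-Host "Acquisition complete: $outDir"
```

Run it as `.\collect.ps1` for the default fast collection, or `.\collect.ps1 -Packages all` to include the dump and FileCatcher packages. Because the collector itself writes to the host, keep the evidence directory on external media where possible and treat the manifest and acquisition.json as the first items of the chain of custody.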

ALTERNATIVES

Collects and organizes Linux OS data for detailed analysis and incident response.

Open source tool for generating YARA rules about installed software from a running OS.

A Kernel fuzzer focusing on race bugs

A collaborative forensic timeline analysis tool for organizing and analyzing data with rich annotations and comments.

A Mac OS X forensic utility for ensuring correct forensic procedures during disk imaging.

A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.

Digital investigation tool for extracting forensic data from computers and managing investigations.

A forensic analysis tool that extracts and parses logs, notifications, and system information from iOS/iPadOS devices and backups.