server infrastructure that can manage and talk to the agent.
- Cross-platform support for Linux, Mac OS X and Windows clients.
- Live remote memory analysis using open source memory drivers for Linux, Mac
OS X and Windows, and the Rekall memory
- Powerful search and download capabilities for files and the Windows registry.
- Secure communication infrastructure designed for Internet deployment.
- Client automatic update support.
- Detailed monitoring of client CPU, memory, IO usage and self-imposed
- Fully fledged response capabilities handling most incident response and
- OS-level and raw file system access, using the SleuthKit (TSK).
- Enterprise hunting (searching across a fleet of machines) support.
- Fully scalable back-end to handle very large deployments.
- Automated scheduling for recurring tasks.
- Fast and simple collection of hundreds of digital forensic artifacts.
- Asynchronous design allows future task scheduling for clients, designed to
work with a large fleet of laptops.
- Ajax Web UI.
- Fully scriptable IPython console access.
- Basic system timelining features.
- Basic reporting infrastructure.
- A Linux box. At the moment the full install is thoroughly tested end to end on Ubuntu Server 14.04 64-bit. It works fine on other things, but that is what it's tested on.
- Recommend > 1GB RAM and a modern CPU if you want to run everything on one box
(note that free Amazon EC2 instances don't have enough RAM).
- Some clients to talk to the server. OSX, Windows and Linux agents are
Making it Go
sudo bash install_script_ubuntu.sh
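Before running the install script it is worth confirming that the box actually matches the tested platform (Ubuntu Server 14.04, 64-bit) and has more than 1GB of RAM, since the install will otherwise fail late or produce a server that falls over under load. The following preflight check is an added example, not part of GRR's own install tooling; it reads the host's `/etc/os-release`, `uname -m` and `/proc/meminfo` and reports which requirement is not met. The function names and the return codes (1 = not enough RAM, 2 = untested platform) are this example's own conventions.

```shell
#!/bin/sh
# Preflight check for a GRR server host (added example, not GRR's own code).
#
# grr_preflight OS_ID OS_VERSION ARCH MEM_KB
#   returns 0 when the host is the tested platform with enough RAM,
#   1 when RAM is insufficient (hard requirement for a one-box install),
#   2 when the OS/arch is not the one the project tests on (install may
#     still work, but you are off the tested path).
grr_preflight() {
    os_id=$1
    os_version=$2
    arch=$3
    mem_kb=$4

    # "> 1GB RAM" from the requirements list; 1 GB expressed in kB as
    # /proc/meminfo reports it (1024 * 1024).
    if [ "${mem_kb:-0}" -le 1048576 ]; then
        echo "preflight: insufficient RAM: ${mem_kb:-0} kB (need > 1 GB)" >&2
        return 1
    fi

    # Tested platform is Ubuntu Server 14.04 64-bit; anything else is a warning.
    if [ "$os_id" != "ubuntu" ] || [ "$os_version" != "14.04" ] || [ "$arch" != "x86_64" ]; then
        echo "preflight: untested platform: ${os_id} ${os_version} ${arch}" >&2
        return 2
    fi

    echo "preflight: ok (${os_id} ${os_version} ${arch}, ${mem_kb} kB RAM)"
    return 0
}

# Gather the live values from this host (Linux only) and run the check.
# /etc/os-release provides ID and VERSION_ID; /proc/meminfo provides MemTotal.
grr_preflight_host() {
    ID=unknown
    VERSION_ID=unknown
    [ -r /etc/os-release ] && . /etc/os-release
    host_mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo 2>/dev/null)
    grr_preflight "$ID" "$VERSION_ID" "$(uname -m)" "${host_mem_kb:-0}"
}

# Usage (run on the intended server box before the installer):
#   grr_preflight_host && sudo bash install_script_ubuntu.sh
```

Chaining the check with `&&` in front of the install command means the installer only runs when the host passes; a return code of 2 can be accepted deliberately by a user who knows they are on an untested but supported platform.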
Read more at: