Ansible Playbook for Cisco ASA Forensic Investigation Procedures for First Responders

Automation for the Cisco ASA Forensic Investigation Procedures for First Responders.

The playbook also automates a forensic memory command, show memory region | include lina, that exists in TALOS's blog but not in any of the above procedures. Read the blog for the significance of this command.

Install the Ansible Cisco ASA collection.

ansible-galaxy collection install cisco.asa

Run the playbook.

ansible-playbook -i inventory.yml investigate.yml

All of the outputs are stored locally per inventory_host on the control node.
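
The play below is an added example, not this repository's investigate.yml. It shows one way to run the memory command mentioned above and store its raw output per host on the control node. The host group asa, the evidence/ directory and the output file name are assumptions, and the inventory is assumed to supply the network_cli connection settings and credentials for the ASA hosts.

```yaml
---
# Added example: collect one forensic command and keep the raw output
# on the control node, one directory per inventory host.
# Assumed names: group "asa", directory "evidence/", the output file name.
- name: Collect lina memory regions from Cisco ASA
  hosts: asa
  gather_facts: false   # fact gathering is not needed for evidence collection
  vars:
    evidence_dir: "evidence/{{ inventory_hostname }}"
  tasks:
    - name: Create the per-host evidence directory on the control node
      ansible.builtin.file:
        path: "{{ evidence_dir }}"
        state: directory
        mode: "0700"    # collected output can be sensitive; owner-only access
      delegate_to: localhost

    - name: Run the memory command referenced in the blog
      cisco.asa.asa_command:
        commands:
          - show memory region | include lina
      register: lina_regions

    - name: Write the unmodified command output to the control node
      ansible.builtin.copy:
        content: "{{ lina_regions.stdout[0] }}\n"
        dest: "{{ evidence_dir }}/show_memory_region_lina.txt"
        mode: "0600"
      delegate_to: localhost
```

Keeping the connection and privilege settings in the inventory rather than in the play means the two delegated tasks run on localhost with its own local connection.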