The solution aims to provide as much information as possible within the forensic scope of an investigation. It consists of two main categories, hardware and software. Under hardware, we use the existing BashBunny to dump the host machine's RAM and Event Logs, which are then analyzed by our software modules.
The software category consists of three modules: a Windows Security Event Log analyzer, a PE static analyzer, and automated RAM analysis. The solution also contains a Graphical User Interface (GUI) that eases navigation and interaction between the modules and displays the results concisely for investigators to follow up on. The GUI is designed for user-friendliness, easing the job of newer or less experienced investigators while giving the user a clear overview of the task at hand.
- Python 3.8.6
- Mozilla Firefox
- Ensure you have Mozilla Firefox installed on your computer.
- Ensure all dependencies are installed: `pip install -r requirements.txt`
- Install Portable Firefox into the project folder; the installer is downloadable at https://portableapps.com/apps/internet/firefox_portable
- Browse to `\FirefoxPortable\Other\Source` and copy `FirefoxPortable.ini` to the `\FirefoxPortable` folder.
- Modify the `FirefoxPortable.ini` file you copied and set the following values:

| Keys | Values |
|---|---|
| DisableSplashScreen | true |
| AllowMultipleInstances | true |

- Copy the whole project onto a USB drive.
- Launch through `launch.bat` from your drive.
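The `FirefoxPortable.ini` step above is easy to get wrong by hand (wrong folder, wrong key case, a stale copy left from an earlier install). The script below is an added example, not part of the project's own code, that copies the stock file from `Other\Source` into the `FirefoxPortable` folder and sets the two required keys, then checks that the result is correct. It assumes the ini uses the `[FirefoxPortable]` section that PortableApps ships; the sample ini text embedded in it is constructed for illustration.

```python
"""Added example: automate and verify the FirefoxPortable.ini setup step.

Assumes (as in the PortableApps launcher) that settings live in a
[FirefoxPortable] section. Not part of the project's own code.
"""
import io
import configparser
from pathlib import Path

# The two keys the setup steps require, with their expected values.
REQUIRED_SETTINGS = {
    "DisableSplashScreen": "true",
    "AllowMultipleInstances": "true",
}

# Constructed sample of a stock file as found under Other\Source (assumed layout).
SAMPLE_STOCK_INI = """[FirefoxPortable]
FirefoxDirectory=App\\firefox
ProfileDirectory=Data\\profile
DisableSplashScreen=false
AllowMultipleInstances=false
"""


def _load(ini_text: str) -> configparser.ConfigParser:
    # interpolation=None: values are paths, never '%'-templates.
    # optionxform=str: keep key case exactly as the launcher expects it.
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str
    parser.read_string(ini_text)
    return parser


def apply_portable_settings(ini_text: str) -> str:
    """Return ini_text with the required keys set, preserving every other key."""
    parser = _load(ini_text)
    if not parser.has_section("FirefoxPortable"):
        parser.add_section("FirefoxPortable")
    for key, value in REQUIRED_SETTINGS.items():
        parser.set("FirefoxPortable", key, value)
    out = io.StringIO()
    # No spaces around '=' so the file keeps the launcher's own key=value style.
    parser.write(out, space_around_delimiters=False)
    return out.getvalue()


def missing_settings(ini_text: str) -> list:
    """List the required keys that are absent or not set to 'true'."""
    parser = _load(ini_text)
    missing = []
    for key, value in REQUIRED_SETTINGS.items():
        current = parser.get("FirefoxPortable", key, fallback="")
        if current.strip().lower() != value:
            missing.append(key)
    return missing


def install_portable_ini(project_dir: Path) -> Path:
    """Copy Other\\Source\\FirefoxPortable.ini next to the launcher with the keys set.

    project_dir is the folder that contains the FirefoxPortable directory
    (hypothetical layout matching the setup steps above).
    """
    base = Path(project_dir) / "FirefoxPortable"
    source = base / "Other" / "Source" / "FirefoxPortable.ini"
    target = base / "FirefoxPortable.ini"
    fixed = apply_portable_settings(source.read_text(encoding="utf-8"))
    target.write_text(fixed, encoding="utf-8")
    leftovers = missing_settings(target.read_text(encoding="utf-8"))
    if leftovers:
        raise RuntimeError(f"settings still not applied: {leftovers}")
    return target


if __name__ == "__main__":
    # Dry run on the constructed sample; pass a real project folder to install_portable_ini.
    print(missing_settings(SAMPLE_STOCK_INI))   # keys still at their stock values
    print(apply_portable_settings(SAMPLE_STOCK_INI))
```

Run `install_portable_ini(Path(r"D:\ProjectFolder"))` (path is a placeholder) after unpacking Portable Firefox; `missing_settings` doubles as a pre-launch check that `launch.bat` could call so a half-finished setup fails loudly instead of opening a splash screen or refusing a second instance.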
The user guide can be found here.
© 2021 Patrick Kang Wei Sheng & Kevin Tan All Rights Reserved