SOF-ELK® is a “big data analytics” platform focused on the typical needs of computer forensic investigators/analysts and information security operations personnel. The platform is a customized build of the open source Elastic stack, consisting of the Elasticsearch storage and search engine, the Logstash ingest and enrichment system, the Kibana dashboard frontend, and the Elastic Beats log shipper (specifically filebeat).

A core facet of the InQuest solution is our Deep File Inspection (DFI) engine. We aim to automate and scale the reverse engineering skill-set of a typical SOC analyst: the engine is capable of recursively decompressing, decoding, deobfuscating, decompiling, deciphering, and more. While not in full parity with our production engine, this InQuest Labs tool can identify and extract embedded logic, semantic context (including that embedded within images through OCR), and metadata. Additionally, artifacts such as URLs, domains, IPs, e-mail addresses, file names, and XMP IDs are extracted and searchable. The current public release is limited to Microsoft and Open Office documents, spreadsheets, and presentations up to 15MB in size. Drag and drop one or more files to queue them for analysis. In the future, we will expose lite versions of our Adobe PDF, Oracle Java, and Adobe Flash DFI shims. Read more in our Introduction to Deep File Inspection, dig deeper in our Walkthrough of a Common Malware Carrier, read more about InQuest, about DFI, or contact us directly for a formal capabilities briefing.