#DFIR thoughts 💭
Expectations from paid multipurpose #DFIR tools (#4n6 focused):
🔂 Ingest multiple images at the same time or sequentially in an automated fashion. If the GUI doesn't allow it, provide a way to script it. Terminal / CMD line at a minimum.
1/
🪵 Support well-known data sources natively in a report that gives context. Ex. If the field is called 'abcd' but the data in it is a Last Modified Timestamp, call it as such in the report. For context, tie the item to a particular app, service, or function if known.
2/
🖼 Provide general purpose viewers for well known file types. Bonus if there is a way to pick and choose keys and values for custom report generation.
3/
🤖 Allow the scripting, automation, and reporting of user discovered artifacts and be able to share them with other tool users.
4/
🌭 Ingest the output of other tools to generate a unified report. This could go from appending a third-party report to fully parsing the added external data.
5/
🖥 Use open source, well-known, and/or industry-accepted standards for tool input and output. Make it easy to validate manually and with other tools.
6/
⚠️ Provide easily accessible visual alerts when a decoding or parsing error happens, with enough information that finding additional info in the backend error log is easy to do. Give me more than error x338594.
7/
⚡ Optimize for speed. Data sources are not getting any smaller. Enable selective processing of the data.
8/
🚉 If possible provide affordable training and/or free community resources.
Any other expectations or good to have features?
9/