(pronounced “SKAH-Dee”: similar to Scotty but with a d sound) is a giantess and goddess of hunting in Norse mythology
Skadi is a free, open source collection of tools that enables the collection, processing and advanced analysis of forensic artifacts and images. It works on MacOS, Windows, and Linux machines. It scales to work effectively on laptops, desktops, servers, the cloud, and can be installed on top of hardened / gold disk images.
Available in OVA, Vagrant and Signed Installer formats
Download the Latest Release
Starting Skadi on Docker Instructions
Vagrant Installation Instructions
OVA Installation Instructions
Signed Installer Instructions
This portal allows easy access to Skadi tools. By default it is available at the IP address of the Skadi Server.
The default credentials are:
- Username:
skadi - Password:
skadi
Access the portal through a web browser at the IP address of the server. In this example the server is 192.168.1.2 while Vagrant and Docker will create a link to localhost
- Example: http://192.168.1.2
- Vagrant Example: http://localhost
The tools are combined into one platform that all work together to provide the ability to collect data, convert the bits and bytes to words and numbers, and analyze the results quickly and easily. This enables the ability to rapidly hunt for host based evidence of a malicious activities quickly and accurately.
- CDQR
- CyberChef
- CyLR
- Docker
- ElasticSearch
- Glances
- Grafana
- Portainer
- Kibana
- Yeti
- Plaso
- TimeSketch
- Alamo ISSA 2018 Slides: Reviews CCF-VM components, walkthrough of how to install GCP version and discuss automation possibilities and risks
- SANS DFIR Summit 2017 Video: A talk about using CCF-VM for Digital Forensics and Incident Response (DFIR)
- ISC2 Security Congress 2017 Slides: Another talk about using CCF-VM for Digital Forensics and Incident Response (DFIR)
- DEFCON 25 4-hour Workshop 2017 Slides: Free and Easy DFIR Triage for Everyone
- OSDFCON 2017 Slides: Walk-through different techniques that are required to provide forensics results for Windows and *nix environments (Including CyLR and CDQR)
The answers to common questions and information about how to get started with Skadi is stored in the Skadi Wiki Pages.
There is a Slack community setup for developers and users of the Skadi ecosystem. It is a safe place to ask questions and share information.
Join the Skadi Community Slack
Skadi add-on packs are installed on top of the base Skadi VM to provide extra functionality
- Skadi Pack 01: Automation: Provides two methods of integrating with any Automation tool: gRPC API or using SSH
- Skadi Pack 02: Secure Networking: Updates the firewall and authenticated reverse proxy for use in network deployment. Provides instructions for obtaining TLS/SSL certificates
- The team from Komand for their advice and support on all things Automation
- Jackie & Jason from @SpyglassSec for their guidance
- Every single one of the contributors who's efforts made the automation Addon Pack possible
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent