GithubHelp home page GithubHelp logo

bitl8-byteshort / skadi Goto Github PK

View Code? Open in Web Editor NEW

This project forked from orlikoski/skadi

0.0 1.0 0.0 90.34 MB

Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux

Home Page: https://www.skadivm.com

License: GNU General Public License v3.0

Shell 55.09% HTML 20.67% PowerShell 5.31% Ruby 1.91% Python 17.02%

skadi's Introduction


(pronounced “SKAH-Dee”: similar to Scotty but with a d sound) is a giantess and goddess of hunting in Norse mythology

Purpose

Skadi is a free, open source collection of tools that enables the collection, processing and advanced analysis of forensic artifacts and images. It works on MacOS, Windows, and Linux machines. It scales to work effectively on laptops, desktops, servers, the cloud, and can be installed on top of hardened / gold disk images.

How to Get Started and Support

Download Latest Release

Available in OVA, Vagrant and Signed Installer formats
Download the Latest Release

Installation Instructions

Starting Skadi on Docker Instructions Vagrant Installation Instructions
OVA Installation Instructions
Signed Installer Instructions

Skadi Portal

This portal allows easy access to Skadi tools. By default it is available at the IP address of the Skadi Server.
The default credentials are:

  • Username: skadi
  • Password: skadi

Access the portal through a web browser at the IP address of the server. In this example the server is 192.168.1.2 while Vagrant and Docker will create a link to localhost

Included Tools

The tools are combined into one platform that all work together to provide the ability to collect data, convert the bits and bytes to words and numbers, and analyze the results quickly and easily. This enables the ability to rapidly hunt for host based evidence of a malicious activities quickly and accurately.

  • CDQR
  • CyberChef
  • CyLR
  • Docker
  • ElasticSearch
  • Glances
  • Grafana
  • Portainer
  • Kibana
  • Yeti
  • Plaso
  • TimeSketch

Yeti (Threat Intelligence Tool)

Kibana and TimeSketch Included

11 Kibana Dashboards


TimeSketch


Videos and Media

  • Alamo ISSA 2018 Slides: Reviews CCF-VM components, walkthrough of how to install GCP version and discuss automation possibilities and risks
  • SANS DFIR Summit 2017 Video: A talk about using CCF-VM for Digital Forensics and Incident Response (DFIR)
  • ISC2 Security Congress 2017 Slides: Another talk about using CCF-VM for Digital Forensics and Incident Response (DFIR)
  • DEFCON 25 4-hour Workshop 2017 Slides: Free and Easy DFIR Triage for Everyone
  • OSDFCON 2017 Slides: Walk-through different techniques that are required to provide forensics results for Windows and *nix environments (Including CyLR and CDQR)

Skadi Wiki Page

The answers to common questions and information about how to get started with Skadi is stored in the Skadi Wiki Pages.

Skadi Community

There is a Slack community setup for developers and users of the Skadi ecosystem. It is a safe place to ask questions and share information.

Join the Skadi Community Slack

Skadi Add-on Packs

Skadi add-on packs are installed on top of the base Skadi VM to provide extra functionality

  • Skadi Pack 01: Automation: Provides two methods of integrating with any Automation tool: gRPC API or using SSH
  • Skadi Pack 02: Secure Networking: Updates the firewall and authenticated reverse proxy for use in network deployment. Provides instructions for obtaining TLS/SSL certificates

Thank you to everyone who has helped, and those that continue to, making this project a reality.

Special Thanks to:

  • The team from Komand for their advice and support on all things Automation
  • Jackie & Jason from @SpyglassSec for their guidance
  • Every single one of the contributors who's efforts made the automation Addon Pack possible

CREATOR

skadi's People

Watchers

 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.