Mantaray forensics

[ram1r3z0]

Boring forensics stuff is over :|)
Tool for automatizing forensics

http://mantarayforensics.com/downloads/

[blindfuzzy]

Pft, since when has forensics been boring?

[ram1r3z0]

Well, I wrote a lot of scripts to do what Mantaray already do because running script after script is a lot of boring until you come to some interesting stuff

[blindfuzzy]

Well, I wrote a lot of scripts to do what Mantaray already do because running script after script is a lot of boring until you come to some interesting stuff

What do you usually use to do your forensics? Yeah, I understand but for a while it is interesting writing different scripts for what you are trying to get accomplished. I'm wondering if they'll be at the conference I am going to soon...might have to get in their training program while I'm there.

[ram1r3z0]

It depends if I analyze disk or memory.

In case of memory I use most volatility and some some own scripts which do carving with respect to memory.

In case of disks I use Encase and enscripts . Of course SleuthKit, DFF and lot of more. It actually very depends on tasks needed to complete. In lot of cases Encase is enough.

[blindfuzzy]

It depends if I analyze disk or memory.

In case of memory I use most volatility and some some own scripts which do carving with respect to memory.

In case of disks I use Encase and enscripts . Of course SleuthKit, DFF and lot of more. It actually very depends on tasks needed to complete. In lot of cases Encase is enough.

Have you tried FTK imager? Or any of the FTK tools for that matter.
What you use is what WE all use for forensics in the field haha. I use Autopsy a lot of the time with a module we scripted to map out a network of data sent/received...etc. It's pretty handy when turning in our findings.

[ram1r3z0]

I use FTK imager daily. FTK not ... it  is too expensive