On 29 October, during the Hackito Ergo Sum conference, two members of SEKOIA's CERT gave a talk titled "Complex malware & forensics investigation". The talk was also the occasion to publish an open-source tool developed by SEKOIA's lab, FastIR Collector: the forensics collector that SEKOIA's CERT uses during incident response. The source code and compiled binaries can be freely downloaded from our GitHub page: https://github.com/SekoiaLab/Fastir_Collector. Documentation is also available here.
In addition, the experts of SEKOIA's CERT wrote a document explaining how to use FastIR Collector on real cases. For this document, the authors chose three kinds of malware: a rootkit, a bootkit and a classic Remote Administration Tool (RAT). The purpose is to show how the output of FastIR Collector gives the investigator a real advantage during a security incident or when performing a system health check. The document (in PDF format) can be downloaded here.