Automated Network Triage (ANT) / Profiler

less than 1 minute read

Project: Automated Network Triage (ANT) / Profiler

Purpose: Client-server based triage of suspect systems for case relevance sorting

Status: Active

License:
Developer(s): Martin Koopmans

More information:

ANT is a tool to conduct triage (artifact sorting) on-scene in large corporate networks. ANT is also very useful in a forensic lab to help reduce backlogs.

ANT has been developed using a client-server model, where the network clients will boot from a forensically sound Linux OS that is served by the ANT server using PXE. With ANT it's easy to find targeted suspect data on network clients that can be centrally analyzed on the ANT server.

Profiler is an extension has been developed to get a fast overview of information on a system before starting a full investigation. Profiler parses all Windows Registry files (sam, system, software, security) and Internet files (Chrome, Firefox, Safari and Internet Explorer). Profiler reads EWF images, DD images and physical disks.

Profiler functions have been integrated into ANT.

Related Publications:

Koopmans, M.B., J.I. James (2013) "Automated Network Triage". Digital Investigation. Elsevier. ISSN 1742-2876. 10.1016/i.diin.2013.03.002.
James, J. I., M. Koopmans, P. Gladyshev. (2011, June 14). Rapid Evidence Acquisition Project for Event Reconstruction. The Sleuth Kit & Open Source Digital Forensics Conference, McLean, VA, Basis Technology. <http://www.basistech.com/about-us/events/open-source-forensics-conference/2011/>

Links:

Share on

Twitter Facebook LinkedIn

Joshua I. James

Automated Network Triage (ANT) / Profiler

Share on

You may also enjoy

iLEAPP and RLEAPP updates and dev thoughts

What data can you find in RAM?

Modular artifact scripts coming to iLEAPP

Forensic 4:Cast Awards - The real award is DFriends we made along the way