Skadi - Collect, Process, As Well As Hunt Amongst Host Based Information From Macos, Windows, As Well As Linux
(pronounced “SKAH-Dee”: like to Scotty exactly alongside a
d sound) is a giantess in addition to goddess of hunting inward Norse mythologyPurpose
Skadi is a free, opened upwards source collection of tools that enables the collection, processing in addition to advanced analysis of forensic artifacts in addition to images. It industrial plant on MacOS, Windows, in addition to Linux machines. It scales to piece of employment effectively on laptops, desktops, servers, the cloud, in addition to tin live installed on top of hardened / golden disk images.
How to Get Started in addition to Support
Download Latest Release
Available inward OVA, Vagrant in addition to Signed Installer formats
Download the Latest Release
Installation Instructions
Starting Skadi on Docker Instructions Vagrant Installation Instructions
OVA Installation Instructions
Signed Installer Instructions
Skadi Portal
This portal allows slow access to Skadi tools. By default it is available at the IP address of the Skadi Server.
The default credentials are:
- Username:
skadi - Password:
skadi
192.168.1.2 spell Vagrant in addition to Docker volition practice a link to localhost- Example: http://192.168.1.2
- Vagrant Example: http://localhost
Included Tools
The tools are combined into i platform that all piece of employment together to render the mightiness to collect data, convert the bits in addition to bytes to words in addition to numbers, in addition to analyze the results chop-chop in addition to easily. This enables the mightiness to rapidly hunt for host based evidence of a malicious activities chop-chop in addition to accurately.
- CDQR
- CyberChef
- CyLR
- Docker
- ElasticSearch
- Glances
- Grafana
- Portainer
- Kibana
- Yeti
- Plaso
- TimeSketch
Yeti (Threat Intelligence Tool)
Kibana in addition to TimeSketch Included
11 Kibana Dashboards
TimeSketch
Videos in addition to Media
- Alamo ISSA 2018 Slides: Reviews CCF-VM components, walkthrough of how to install GCP version in addition to beak over automation possibilities in addition to risks
- SANS DFIR Summit 2017 Video: Influenza A virus subtype H5N1 beak near using CCF-VM for Digital Forensics in addition to Incident Response (DFIR)
- ISC2 Security Congress 2017 Slides: Another beak near using CCF-VM for Digital Forensics in addition to Incident Response (DFIR)
- DEFCON 25 4-hour Workshop 2017 Slides: Free in addition to Easy DFIR Triage for Everyone
- OSDFCON 2017 Slides: Walk-through dissimilar techniques that are required to render forensics results for Windows in addition to *nix environments (Including CyLR in addition to CDQR)
Skadi Wiki Page
The answers to mutual questions in addition to information near how to larn started alongside Skadi is stored inward the Skadi Wiki Pages.
Skadi Community
There is a Slack community setup for developers in addition to users of the Skadi ecosystem. It is a rubber house to enquire questions in addition to percentage information.
Join the Skadi Community Slack
Skadi Add-on Packs
Skadi improver packs are installed on top of the base of operations Skadi VM to render extra functionality
- Skadi Pack 01: Automation: Provides ii methods of integrating alongside whatever Automation tool: gRPC API or using SSH
- Skadi Pack 02: Secure Networking: Updates the firewall in addition to authenticated contrary proxy for utilization inward network deployment. Provides instructions for obtaining TLS/SSL certificates
Thank y'all to everyone who has helped, in addition to those that overstep away along to, making this projection a reality.
Special Thanks to:
- The squad from Komand for their advice in addition to back upwards on all things Automation
- Jackie & Jason from @SpyglassSec for their guidance
- Every unmarried i of the contributors who's efforts made the automation Addon Pack possible
CREATOR
