Fibratus - Tool For Exploration Together With Tracing Of The Windows Kernel
Fibratus is a tool which is able to capture the nearly of the Windows kernel action - process/thread creation together with termination, context switches, file arrangement I/O, registry, network activity, DLL loading/unloading together with much more. The nub events tin live easily streamed to a release of output sinks similar AMQP message brokers, Elasticsearch clusters or touchstone output stream. You tin role filaments (lightweight Python modules) to extend Fibratus alongside your ain arsenal of tools together with and therefore leverage the ability of the Python's ecosystem.
Installation
Download the latest release (Windows installer). The changelog together with older releases tin live flora here.
Alternatively, you lot tin become fibratus from PyPI.
- Install the dependencies
- Download together with install Python 3.4.
- Install Visual Studio 2015 (you'll alone need the Visual C compiler to fix the
kstreamcextension). Make certain to export theVS100COMNTOOLSsurroundings variable together with therefore it points to%VS140COMNTOOLS%. - Get Cython:
pip install Cython >=0.23.4.
- Install fibratus via the pip parcel manager:
pip install fibratusDocumentation
See the wiki.
