Gathering forensic data with CrowdResponse
Date: Apr 24, 2014
Attackers have been forcing enterprise incident response teams to work overtime lately, with two-thirds of respondents to a recent Ponemon Institute survey indicating their companies are in a state of constant compromise, thanks to malware, botnets and other attacks. Worse, many security teams are unable to respond to every incident because of the barrage of alerts from various security appliances, and when they do follow up, they often don't have the time to conduct a thorough incident response evaluation. How can IT security teams investigate incidents more thoroughly and efficiently without breaking out the corporate checkbook? The free incident response tool CrowdResponse may be the answer.
In this SearchSecurity screencast, Keith Barker, a Certified Information Systems Security Professional and trainer for CBT Nuggets LLC, demonstrates how to use CrowdResponse, a Windows command-line application created by security vendor CrowdStrike that helps gather detailed information for incident response efforts. CrowdResponse lets security pros validate the hashes of the executables and ZIP files at the command prompt and confirm that the files running on a PC are the same as the files the vendor provided. Users can also check SHA-256 and MD5 hashes, as well as enumerate the active processes running on the machine. CrowdResponse allows users to easily run sub-tools -- such as DirList for files, PsList for processes and YARA rules -- to identify and classify malware by looking for specific strings in active memory and on the file system. With the free CrowdResponse tool, incident response teams will be able to contain security incidents in a more timely and thorough manner.
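The hash check described above, validating that the files on a host match what the vendor shipped, is shown here as an added example; it is not code from the screencast, from CBT Nuggets or from CrowdStrike, and it does not use CrowdResponse itself. The manifest format (one line per file: name, SHA-256, MD5), the file names and all file contents are constructed for the example.

```python
import hashlib
import os
import tempfile

# Constructed known-good file contents, standing in for what the vendor shipped.
VENDOR_FILES = {
    "tool.exe": b"MZ constructed sample executable contents",
    "tool.zip": b"PK constructed sample archive contents",
    "helper.dll": b"MZ constructed sample library contents",
}

# Constructed state of the examined host: one file intact, one altered, one absent.
HOST_FILES = {
    "tool.exe": VENDOR_FILES["tool.exe"],
    "tool.zip": VENDOR_FILES["tool.zip"] + b" trailing bytes appended",
}


def hash_bytes(data, algorithms=("sha256", "md5")):
    """Hex digests of an in-memory blob, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def hash_file(path, algorithms=("sha256", "md5"), chunk_size=1 << 20):
    """Hex digests of a file on disk, read in chunks so large binaries fit in memory."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def build_manifest(files):
    """Produce the assumed vendor manifest ('name sha256 md5' per line) from known-good bytes."""
    lines = ["# filename sha256 md5"]
    for name, data in sorted(files.items()):
        d = hash_bytes(data)
        lines.append(f"{name} {d['sha256']} {d['md5']}")
    return "\n".join(lines) + "\n"


def parse_manifest(text):
    """Parse the manifest into {filename: {'sha256': ..., 'md5': ...}}; skips blanks and comments."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sha256, md5 = line.split()
        expected[name] = {"sha256": sha256.lower(), "md5": md5.lower()}
    return expected


def verify_directory(directory, expected):
    """Compare each manifest entry with the file on disk.

    Returns {filename: 'ok' | 'mismatch' | 'missing'}. A file is 'ok' only when
    every listed digest matches; a single differing algorithm is a mismatch.
    """
    results = {}
    for name, digests in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        actual = hash_file(path, algorithms=tuple(digests))
        results[name] = "ok" if all(actual[a] == digests[a] for a in digests) else "mismatch"
    return results


def demo():
    """Write the constructed host files to a temp dir and verify them against the manifest."""
    expected = parse_manifest(build_manifest(VENDOR_FILES))
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in HOST_FILES.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return verify_directory(tmp, expected)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:8s} {name}")
```

Running it reports `tool.exe` as ok, `tool.zip` as a mismatch and `helper.dll` as missing. When a vendor publishes both digests, SHA-256 is the one that carries the assurance; MD5 is collision-prone and is kept here only because the screencast mentions it, so a match on MD5 alone should never be treated as validation.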
About CBT Nuggets:
CBT Nuggets creates cutting-edge online IT training in topics including network security, server administration and more. Train 24/7, from any device. Try CBT Nuggets with a seven-day free trial and train on a variety of topics, including Cisco security, Wireshark, Linux and more! Watch. Learn. Conquer.
About Keith Barker:
Keith Barker, CISSP, is a trainer for CBT Nuggets and has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Barker is also the author of numerous Cisco Press books and articles.