-
Notifications
You must be signed in to change notification settings - Fork 25
About
CIRTKit is not just a collection of tools, but also a framework to aid in the ongoing unification of Incident Response and Forensics investigation processes.
Investigations are the core of CIRTKit. Incident responders and forensic analysts generate large amounts of data during investigations. Normally this data is stored in ticketing systems, governance and risk systems, or some other variation of persistent data storage.
CIRTKit aims to bring core DFIR (Digital Forensics and Incident Response) tools into one console, centralizing the investigation process. There are many tools available that incident responders use to collect, parse, and interpret data. If we can bring all of these tools together to one console that can store information and malware artifacts centrally, we may be able to better combat the adversaries.
The inspiration behind CIRTKit came from the Metasploit Framework. Metasploit was revolutionary to the offensive security industry, allowing users to not only centrally manage penetration tests, but also use and develop new tools/exploits to further their cause. The key question that spurred the initiation of CIRTKit was this: "Why are attackers more equipped than defenders?"
With Metasploit, attackers are always equipped, constantly sharing new exploits and tools with the framework to enable others to take advantage of known vulnerabilities. The time has come for network defenders to centralize our toolsets and share new detection and response capabilities easily with the community.
Enter, CIRTKit.
© Bob "byt3smith" Argenbright | 2015