The Framework
The CIRTKit framework was originally forked from the Viper binary analysis framework. Viper had a great command-line user interface, and its module framework was fairly comprehensive. CIRTKit is a major deviation from Viper, but it still uses many of the same core design elements, such as modules, projects (renamed to investigations), and session objects.
Integrations are specific to CIRTKit and are used to switch application context during an investigation. For example, in the middle of an investigation you may need to open the CarbonBlack Live Response console to grab a malicious file, or add a new rule to your Bit9 Security Platform. The CIRTKit framework lets the analyst do this without leaving the console, moving between applications without losing their train of thought.
Upon the initial Alpha release, CarbonBlack Live Response will be the only available integration.
Modules are a concept taken directly from Viper and have not been modified much. The module framework allows quick actions to be taken within the main application context, either on an investigation artifact (the file open in the current session) or simply for information gathering.
Currently the CIRTKit framework offers 27 modules that were forked directly from the Viper framework.
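To make the session/module relationship concrete, here is an added, self-contained Python example that is not CIRTKit's or Viper's own code. It mimics the pattern the paragraph above describes: a session object holds the artifact the analyst currently has open, each module is a class with a `cmd` name and its own argparse parser, and a dispatcher runs the module named on the console line against the current session. The class names, the registry, `dispatch()` and the constructed sample file are all assumptions made for this illustration; they are not CIRTKit's real API.

```python
import argparse
import hashlib
import os
import shlex
import tempfile


class Session:
    """The artifact the analyst currently has open (simplified stand-in for a
    session object; not CIRTKit's own class)."""

    def __init__(self, path):
        self.path = path


class Module:
    """Base class for a console module: a command name, a description and an
    argparse parser, with run() doing the work against the current session."""

    cmd = None
    description = None

    def __init__(self):
        self.parser = argparse.ArgumentParser(prog=self.cmd,
                                              description=self.description)

    def run(self, session, argv):
        raise NotImplementedError


class HashModule(Module):
    """Artifact action: hash the file open in the current session."""

    cmd = "hashes"
    description = "Compute MD5/SHA1/SHA256 of the current artifact"

    def __init__(self):
        super().__init__()
        self.parser.add_argument("-a", "--algorithm", action="append",
                                 choices=["md5", "sha1", "sha256"],
                                 help="restrict to one algorithm (repeatable)")

    def run(self, session, argv):
        args = self.parser.parse_args(argv)
        algos = args.algorithm or ["md5", "sha1", "sha256"]
        with open(session.path, "rb") as f:
            data = f.read()
        return {a: hashlib.new(a, data).hexdigest() for a in algos}


class MagicModule(Module):
    """Information gathering: identify the artifact type from leading bytes."""

    cmd = "magic"
    description = "Identify the current artifact from its file signature"
    # Hypothetical minimal signature table for the example.
    SIGNATURES = [
        (b"MZ", "MZ/PE executable"),
        (b"\x7fELF", "ELF executable"),
        (b"%PDF", "PDF document"),
        (b"PK\x03\x04", "ZIP archive"),
    ]

    def run(self, session, argv):
        self.parser.parse_args(argv)  # no options, but reject stray arguments
        with open(session.path, "rb") as f:
            head = f.read(8)
        for magic, name in self.SIGNATURES:
            if head.startswith(magic):
                return {"type": name, "magic": magic.hex()}
        return {"type": "unknown", "magic": head[:4].hex()}


# Hypothetical registry keyed by console command name.
REGISTRY = {m.cmd: m for m in (HashModule, MagicModule)}


def dispatch(session, line):
    """Parse a console line such as 'hashes -a sha256' and run the module."""
    parts = shlex.split(line)
    if not parts:
        return None
    cmd, argv = parts[0], parts[1:]
    module = REGISTRY.get(cmd)
    if module is None:
        raise KeyError("unknown module: %s" % cmd)
    if session is None or not os.path.isfile(session.path):
        raise RuntimeError("no artifact open in the current session")
    return module().run(session, argv)


def make_sample_artifact(content=None):
    """Write a constructed sample artifact to a temp file and return its path.
    The default content is a fake DOS/PE stub, not a real malware sample."""
    if content is None:
        content = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode."
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path


if __name__ == "__main__":
    current = Session(make_sample_artifact())
    print(dispatch(current, "magic"))
    print(dispatch(current, "hashes -a sha256"))
```

The point of the structure is that a module never takes a file path of its own: it always acts on whatever the session holds, which is what lets an analyst run `magic`, then `hashes`, then hand the same artifact to an integration without re-specifying it each time.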
Planned for a future release. Stay tuned.
© Bob "byt3smith" Argenbright | 2015