interACT
Purpose-Built, Multi-Asset, Cross Platform Remote Shell for DFIR
In Digital Forensics and Incident Response (DFIR), having the right tools can make all the difference. Enter interACT Remote Shell, a purpose-built solution that differentiates itself from the crowd.
Purpose-Built for DFIR
At its core, interACT is meticulously crafted for the intricate demands of Digital Forensics and Incident Response. It's not just another shell implementation; it's a specialized tool designed to meet the specific challenges faced by investigators and responders in the field.
AIR’s interACT module is a comprehensive, secure remote shell that is cross-platform and provides a standardized command set for Windows, macOS, and Linux, empowering and greatly simplifying the investigation process. Investigators and incident responders can connect to their assets easily by starting an interACT session via the AIR console.
When an interACT session is initiated, the AIR console connects to a single or multiple assets in just a few seconds and provides a command line interface for investigators to begin their triage, mitigation, or other remediation actions.
User Privileges Tailored to Your Needs
Another handy and unique feature of interACT is its ability to control access to features based on the user's permission level. This enables DFIR team leaders and managers to create tailored access profiles that match the experience and abilities of each team member.
Cross-Platform Commands for Seamless Operations
DFIR environments are diverse, comprising systems running various operating systems, including Windows, Linux, and macOS. interACT simplifies operations by supporting cross-platform commands, ensuring a consistent and efficient experience across different operating systems.
interACT’s Library feature enables DFIR managers and team leaders to upload standardized investigation assets, such as scripts and toolkits, allowing individual analysts to utilize them with a single click during their investigations.
Multi-Asset interACT Capability
Multi-Asset interACT is designed to streamline investigations and boost analyst productivity:
Multi-Asset Sessions: Analysts can now launch and manage up to 50 simultaneous interACT sessions within a single console window. This consolidated interface significantly reduces context switching and cognitive overhead during live investigations.
Command Broadcasting: A new “ALL” tab enables investigators to send a single command to all active sessions with a single click, eliminating the need for repetitive manual entry.
Flexible Interface: The redesigned, dockable interACT drawer can be positioned at the top, bottom, left, or right of the screen, and easily resized, collapsed, or maximized for improved focus and flexibility.
Launch Anywhere: The interACT shell can be launched globally from the AIR header bar or directly within the Investigation Hub, allowing for real-time responses without disrupting your current workflow.
Consolidated Session Output: View results by individual asset or through a unified “ALL” tab for a streamlined review of command output across all active sessions.
Exportable Reports: Session results and transcripts can be exported to PDF or HTML, directly from the interACT window, ensuring clean documentation and auditability.
Deploy Your Favorite Scripts with Ease
Repetitive tasks are an inevitable part of digital forensics and incident response (DFIR). With interACT's library, you can easily deploy your favorite scripts. This not only saves time but also ensures consistency in your investigative processes.
Case Collaboration Made Simple
Collaboration is at the heart of effective incident response. With interACT, you can attach sessions to specific cases, promoting seamless collaboration among team members. This feature streamlines communication, ensuring everyone is on the same page during investigations.
Additionally, by providing access to the Library of approved assets, a more uniform investigative process can be defined and encouraged across the entire team.
Full Auditing and Logging for Enhanced Visibility
Another valuable feature of interACT is the full auditing and logging capability. This not only enhances visibility but also facilitates compliance with rigorous security standards. Every command used and response received is logged in a real-time interACT session report. Additionally, if any files are transferred between the analyst and the asset, these are logged, including their hash values.
interACT has three levels of audit:
Firstly, the interACT session log is saved as a Task and generates a case report, which is viewable immediately after the session is closed.
Next is the global Audit Log, which cannot be purged.
Thirdly, the user can export the interACT audit logs to their Syslog server for analysis.
interACT is a powerful tool, so this comprehensive auditing capability provides peace of mind, ensuring that you can accurately demonstrate exactly what happened during a remote shell session should the need arise.
The interACT command-line parser employs Unix-like command-line parsing methods, owing to the libraries used and the absence of Windows-specific libraries. Because of that, a Windows user will have to write a del command like this:
del C:/xyz/abc.txt # use forward slashes
del 'C:\xyz\abc.txt' # within single quotes
The following is currently invalid and likely to remain so in the future due to Windows' non-standard command-line parsing and character escaping.
del C:\xyz\abc.txt # Invalid
del "C:\xyz\abc.txt" # Invalid
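The four forms above can be checked with a small model of Unix-like tokenizing. This is an added example, not interACT's parser or code from the AIR project: the escaping rules in tokenize() are an assumption inferred from the examples on this page, and the names tokenize and single_quote are hypothetical.

```python
# Added illustration, not interACT's parser. ASSUMED rules (inferred from the
# four examples on the page): a backslash escapes the next character when it is
# unquoted or inside double quotes, and is literal inside single quotes.

def tokenize(line):
    """Return (args, eaten): the parsed arguments, and how many backslashes
    were consumed as escape characters instead of reaching the command."""
    args, cur, quote, started, eaten = [], [], None, False, 0
    chars = iter(line)
    for ch in chars:
        if quote == "'":                  # single quotes: everything literal
            if ch == "'":
                quote = None
            else:
                cur.append(ch)
        elif ch == "\\":                  # escape: drop it, keep the next char
            nxt = next(chars, None)
            if nxt is None:
                raise ValueError("trailing backslash")
            cur.append(nxt)
            started, eaten = True, eaten + 1
        elif quote == '"':                # double quotes: only \ is special
            if ch == '"':
                quote = None
            else:
                cur.append(ch)
        elif ch in "'\"":                 # opening quote starts an argument
            quote, started = ch, True
        elif ch.isspace():                # unquoted whitespace ends an argument
            if started:
                args.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if quote:
        raise ValueError("unterminated quote")
    if started:
        args.append("".join(cur))
    return args, eaten


def single_quote(path):
    """Wrap a Windows path in single quotes, a form the page lists as valid."""
    if "'" in path:
        raise ValueError("path contains a single quote; use forward slashes")
    return "'" + path + "'"
```

A non-zero second return value means the path that reaches the command is not the path that was typed, which is worth checking before a command is sent through the "ALL" tab to every active session.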
Peace of Mind with Individual Privileges
interACT provides peace of mind by offering individual privileges for command sets. This fine-grained control enables you to strike a balance between the need for access and the imperative of maintaining a secure environment.
In conclusion, interACT Remote Shell is not just a tool; it's a game-changer for DFIR professionals. Its purpose-built design, user privilege customization, cross-platform compatibility, Syslog integration, script deployment capabilities, collaborative features, and emphasis on individual privileges make it a versatile and indispensable asset in the arsenal of any cybersecurity expert.