Compare
Baseline analysis with Compare
The Compare feature enables proactive forensics through baseline analysis, allowing investigators to focus on forensic evidence from the earliest stages of an investigation. Using a patent-pending approach, it identifies and highlights forensic artifacts—added, modified, or deleted—between asset snapshots.
This analysis, completed in just 5 seconds, enhances security by addressing vulnerabilities before they can be exploited, without disrupting ongoing operations. The Compare feature supports both standard and offline acquisitions, providing detailed metadata to help investigators understand potential security risks comprehensively. Compare analysis is performed directly on the Console, eliminating the need for direct access to assets.
The scope of baseline analysis is strategically based on areas commonly abused by attackers. These include:
AutoLoadedProcs
System
System
ChromeExtensions
CronJobs
NetworkAdapters
DiskEncryptions
DNSResolvers
Hosts
ETCHosts
Hosts
AutorunsServices
ETCProtocols
IPRoutes
AutorunsRegistry
ETCServices
IPTables
AutorunsScheduledTasks
GatekeeperApps
KernelModules
AutorunsStartupFolder
InstalledApps
Mounts
InstalledApplications
KextInfo
NetworkInterfaces
Drivers
LaunchdOverrides
SystemArtifacts
FirewallRules
SipStatus
Users
SysExtInfo
How to Use Baseline Analysis with Compare
Select the Asset for analysis.
Initiate Compare Task:
Navigate to the Compare under Asset Actions.
Specify the Acquisitions to Compare
Specify two acquisitions to compare or create a new baseline by clicking "Acquire Baseline".
Review the Results
Once the task is complete, review the results provided by Baseline Analysis with Compare.
Explore the fine-grained details on the property level.
Integrate with Investigations:
Leverage the insights gained from Baseline Analysis with Compare to inform and enhance ongoing digital investigations.
By incorporating Baseline Analysis with Compare into DFIR process, you empower your team with a proactive and efficient approach to identifying and mitigating potential security risks. This feature is a valuable asset in maintaining a robust cybersecurity posture.
Don't hesitate to contact our dedicated support team for any further assistance or inquiries.
Last updated