Compare

Baseline analysis with Compare

The Compare feature enables proactive forensics through baseline analysis, allowing investigators to focus on forensic evidence from the earliest stages of an investigation. Using a patent-pending approach, it identifies and highlights forensic artifacts—added, modified, or deleted—between asset snapshots.

This analysis, completed in just 5 seconds, enhances security by addressing vulnerabilities before they can be exploited, without disrupting ongoing operations. The Compare feature supports both standard and offline acquisitions, providing detailed metadata to help investigators understand potential security risks comprehensively. Compare analysis is performed directly on the Console, eliminating the need for direct access to assets.

The scope of baseline analysis is strategically based on areas commonly abused by attackers. These include:

macOS
Linux
Windows

AutoLoadedProcs

System

System

ChromeExtensions

CronJobs

NetworkAdapters

DiskEncryptions

DNSResolvers

Hosts

ETCHosts

Hosts

AutorunsServices

ETCProtocols

IPRoutes

AutorunsRegistry

ETCServices

IPTables

AutorunsScheduledTasks

GatekeeperApps

KernelModules

AutorunsStartupFolder

InstalledApps

Mounts

InstalledApplications

KextInfo

NetworkInterfaces

Drivers

LaunchdOverrides

SystemArtifacts

FirewallRules

SipStatus

Users

SysExtInfo

How to Use Baseline Analysis with Compare

  1. Select the Asset for analysis.

  2. Initiate Compare Task:

    • Navigate to the Compare under Asset Actions.

  3. Specify the Acquisitions to Compare

    • Specify two acquisitions to compare or create a new baseline by clicking "Acquire Baseline".

  4. Review the Results

    • Once the task is complete, review the results provided by Baseline Analysis with Compare.

    • Explore the fine-grained details on the property level.

  5. Integrate with Investigations:

    • Leverage the insights gained from Baseline Analysis with Compare to inform and enhance ongoing digital investigations.

By incorporating Baseline Analysis with Compare into DFIR process, you empower your team with a proactive and efficient approach to identifying and mitigating potential security risks. This feature is a valuable asset in maintaining a robust cybersecurity posture.

Don't hesitate to contact our dedicated support team for any further assistance or inquiries.

Last updated