Compare

Baseline analysis with Compare

The Compare feature enables proactive forensics through baseline analysis, allowing investigators to focus on forensic evidence from the earliest stages of an investigation. Using a patent-pending approach, it identifies and highlights forensic artifacts—added, modified, or deleted—between asset snapshots.

The comparison completes in just 5 seconds and runs without disrupting ongoing operations, so deviations from the baseline can be addressed before they are exploited. The Compare feature supports both standard and offline acquisitions and returns detailed metadata for each difference, so investigators can judge the potential security risk of every change. Compare analysis is performed directly on the Console; no direct access to the asset is needed.

Baseline analysis is scoped to artifact categories that attackers commonly abuse. The categories compared on each platform are:

macOS              Linux              Windows
AutoLoadedProcs    System             System
ChromeExtensions   CronJobs           NetworkAdapters
DiskEncryptions    DNSResolvers       Hosts
ETCHosts           Hosts              AutorunsServices
ETCProtocols       IPRoutes           AutorunsRegistry
ETCServices        IPTables           AutorunsScheduledTasks
GatekeeperApps     KernelModules      AutorunsStartupFolder
InstalledApps      Mounts             InstalledApplications
KextInfo           NetworkInterfaces  Drivers
LaunchdOverrides   SystemArtifacts    FirewallRules
SipStatus          Users              SysExtInfo

How to Use Baseline Analysis with Compare

  1. Select the Asset for analysis.

  2. Initiate Compare Task:

    • Navigate to Compare under Asset Actions.

    (Screenshot: Initiating Compare Analysis under Asset Actions)

  3. Specify the Acquisitions to Compare:

    • Specify two acquisitions to compare, or create a new baseline by clicking "Acquire Baseline".

    (Screenshot: Selecting Acquisitions to Compare)

  4. Review the Results:

    • Once the task is complete, review the results provided by Baseline Analysis with Compare.

    • Explore the fine-grained details at the property level.

    (Screenshot: Explore the details about Added, Changed, Deleted)

  5. Integrate with Investigations:

    • Leverage the insights gained from Baseline Analysis with Compare to inform and enhance ongoing digital investigations.
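
As an added illustration (not Binalyze's own code) of the Added / Changed / Deleted output reviewed in step 4, the function below diffs two snapshots modelled as nested dictionaries and reports changes down to the property level. The category, artifact and property names are constructed sample data that mirror the table above.

```python
"""Baseline diff of two asset snapshots (added example, not Binalyze code).
A snapshot is {category: {artifact_key: {property: value}}}; the categories
and values below are constructed sample data mirroring the table above."""

# Constructed baseline acquisition of a Windows host.
BASELINE = {
    "Hosts": {"127.0.0.1": {"hostname": "localhost"}},
    "AutorunsServices": {
        "Spooler": {"image_path": r"C:\Windows\System32\spoolsv.exe", "start": "auto"},
        "Backup": {"image_path": r"C:\Program Files\Backup\bk.exe", "start": "manual"},
    },
}

# Constructed later acquisition of the same host.
LATER = {
    "Hosts": {
        "127.0.0.1": {"hostname": "localhost"},
        "203.0.113.7": {"hostname": "update.example.com"},  # added entry
    },
    "AutorunsServices": {  # "Backup" is gone; Spooler's image path moved
        "Spooler": {"image_path": r"C:\Windows\Temp\spoolsv.exe", "start": "auto"},
    },
    "AutorunsRegistry": {"Run\\Updater": {"command": r"C:\Users\Public\u.exe"}},
}


def compare_snapshots(baseline, later):
    """Return {category: {"added": ..., "changed": ..., "deleted": ...}}.

    "changed" maps an artifact key to {property: (old, new)} so the reviewer
    sees which property moved, not merely that the artifact differs.
    """
    report = {}
    for category in sorted(set(baseline) | set(later)):
        old, new = baseline.get(category, {}), later.get(category, {})
        added = {k: new[k] for k in new.keys() - old.keys()}
        deleted = {k: old[k] for k in old.keys() - new.keys()}
        changed = {}
        for key in old.keys() & new.keys():
            props = set(old[key]) | set(new[key])
            diff = {p: (old[key].get(p), new[key].get(p))
                    for p in props if old[key].get(p) != new[key].get(p)}
            if diff:
                changed[key] = diff
        if added or deleted or changed:
            report[category] = {"added": added, "changed": changed, "deleted": deleted}
    return report
```

Categories with no differences are omitted from the report, so an unchanged host compared against its own baseline yields an empty dictionary.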

By incorporating Baseline Analysis with Compare into the DFIR process, you give your team a proactive and efficient way to identify and mitigate potential security risks. This feature is a valuable asset in maintaining a robust cybersecurity posture.

Don't hesitate to contact our dedicated support team for any further assistance or inquiries.
