Compare

Baseline Analysis with Compare

Baseline Analysis with Compare is a feature for proactive forensics: it shifts digital forensics to the left, to the early stages of an investigation, using a patent-pending approach. The analysis is not merely reactive; it takes preemptive measures to identify and address potential security threats before they escalate. By finding and mitigating deviations early in the investigation process, it improves the overall security posture by addressing weaknesses before they are exploited.

Completing the analysis in just 5 seconds, Baseline Analysis with Compare ensures that investigators can swiftly assess the security landscape without causing significant disruptions to ongoing operations.

The feature seamlessly supports standard acquisitions. This makes it versatile and adaptable to various forensic scenarios and methodologies.

Baseline Analysis with Compare provides fine-grained details on a property level. This granular insight allows investigators to delve deep into the intricacies of digital artifacts, providing a comprehensive understanding of potential security risks. Compare Analysis is performed directly on the Console, eliminating the need for direct access to assets. This not only streamlines the investigative process but also enhances security by reducing the exposure of assets to potential risks during analysis.

The scope of baseline analysis is strategically based on areas commonly abused by attackers. These include:

  • Autostarts: Identification of programs configured to start automatically.

  • Installed Applications: Listing of software applications installed on the system.

  • Services: Enumeration of services running on the system.

  • Firewall Rules: Configuration of firewall rules on the system.

  • Hosts File: Examination of the system's hosts file.

  • Kernel Modules / Drivers: Analysis of kernel modules and drivers.

  • And more.
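The property-level comparison described above, as an added illustration (not the product's own code): two acquisition snapshots of the same asset are diffed category by category, reporting artifacts that were added, removed, or whose properties changed. The snapshot layout (category -> artifact identifier -> properties) and the sample data are constructed for this example.

```python
import json
from typing import Any

# Assumed layout: category -> artifact identifier -> {property: value}
Snapshot = dict[str, dict[str, dict[str, Any]]]
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample data: a trusted baseline and a later acquisition.
BASELINE: Snapshot = {
    "services": {
        "Spooler": {"start": "auto", "account": "LocalSystem"},
        "WinRM": {"start": "manual", "account": "NetworkService"},
    },
    "autostarts": {RUN + r"\SecurityHealth": {"command": "SecurityHealthSystray.exe"}},
    "hosts_file": {"localhost": {"address": "127.0.0.1"}},
    "kernel_modules": {"mssmbios.sys": {"signed": True}},
}
LATER: Snapshot = {
    "services": {
        "Spooler": {"start": "auto", "account": "LocalSystem"},
        "WinRM": {"start": "auto", "account": "NetworkService"},  # start type changed
    },
    "autostarts": {
        RUN + r"\SecurityHealth": {"command": "SecurityHealthSystray.exe"},
        RUN + r"\Updater": {"command": r"C:\Users\Public\updater.exe"},  # new autostart
    },
    "hosts_file": {
        "localhost": {"address": "127.0.0.1"},
        "login.example.com": {"address": "10.0.0.5"},  # new hosts entry
    },
    "kernel_modules": {},  # driver no longer present
}

def compare(baseline: Snapshot, current: Snapshot) -> dict[str, dict[str, Any]]:
    """Per category: added/removed artifact ids and, for artifacts present in
    both, each property whose value differs as {property: (old, new)}."""
    report: dict[str, dict[str, Any]] = {}
    for category in sorted(set(baseline) | set(current)):
        base, cur = baseline.get(category, {}), current.get(category, {})
        changed = {}
        for key in sorted(set(base) & set(cur)):
            props = set(base[key]) | set(cur[key])
            delta = {p: (base[key].get(p), cur[key].get(p))
                     for p in sorted(props) if base[key].get(p) != cur[key].get(p)}
            if delta:
                changed[key] = delta
        added, removed = sorted(set(cur) - set(base)), sorted(set(base) - set(cur))
        if added or removed or changed:  # unchanged categories are omitted
            report[category] = {"added": added, "removed": removed, "changed": changed}
    return report

if __name__ == "__main__":
    print(json.dumps(compare(BASELINE, LATER), indent=2))
```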

How to Use Baseline Analysis with Compare

  1. Select the Asset for analysis.

  2. Initiate Compare Task:

    • Navigate to Compare under Asset Actions.

  3. Specify the Acquisitions to Compare:

    • Specify two acquisitions to compare or create a new baseline by clicking "Acquire Baseline".

  4. Review the Results:

    • Once the task is complete, review the results provided by Baseline Analysis with Compare.

    • Explore the fine-grained details on the property level.

  5. Integrate with Investigations:

    • Leverage the insights gained from Baseline Analysis with Compare to inform and enhance ongoing digital investigations.

By incorporating Baseline Analysis with Compare into your DFIR process, you give your team a proactive and efficient way to identify and mitigate potential security risks. This feature is a valuable asset in maintaining a robust cybersecurity posture.

Don't hesitate to contact our dedicated support team for any further assistance or inquiries.
