Dissect: Open-source framework for collecting, analyzing forensic data (Security News, October 2022)
A game changer in cyber incident response, the Dissect framework enables data acquisition on thousands of systems within hours, regardless of the nature and size of the IT environment to be investigated after an attack.
Now it is available on GitHub to the security community as open source software to help advance and accelerate forensic data collection and analysis.
"We developed Dissect because we dealt with increasingly complex IT environments and it has greatly enhanced our incident response capabilities. We are now sharing Dissect as open source software with the security community, particularly incident responders from fellow security companies and security teams from larger companies," said Erik Schamper, Senior Security Analyst at Fox-IT.

Tailored for incident responders
The time savings obviously depend on the IT environment in which data must be collected, but in Fox-IT's experience, data acquisition that previously took two weeks has in some cases taken only an hour with Dissect.
The Dissect framework operates stealthily, meaning it can do its work while remaining undetected by an attacker who is still present in the environment.
One example is collecting data directly from the hypervisor rather than from the guest systems, which allows a system to be analyzed without the attacker noticing.