I met Russell Butturini (TCSTool) at Phreaknic 2008, where I was introduced to
his Incident Response U3 Switchblade. In Russell's own words:
"The U3 incident response switchblade is a tool designed to gather forensic data
from a machine in an automated, self-contained fashion without user intervention
for use in an investigation. The switchblade is designed to be very modular,
allowing the investigator/IR team to add their own tools and modify the evidence
collection process quickly."
The thing I really like this tool for is those times when you want to know what
happened to a compromised Windows box, but can't leave it on the network long
term because it may be attacking others. Also, many of the tools I use for
security/forensics are seen as "hack tools" by anti-virus, but by having them on
the read-only CD side of a U3 thumbdrive, AV can't automatically delete them. I
have a mirror of U3IR here:
http://www.irongeek.com/host/u3ir.zip
which I plan to update as Russ tells me to. This video will cover modifying and
creating your own U3 Incident Response Switchblade.
If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek