A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:
Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Incident Response U3 Switchblade From TCSTool (Hacking Illustrated Series InfoSec Tutorial Videos)

Incident Response U3 Switchblade From TCSTool



        I met Russell Butturini (TCSTool) at Phreaknic 2008, there I was introduced to his Incident Response U3 Switchblade. In Russell's own words:

        "The U3 incident response switchblade is a tool designed to gather forensic data from a machine in an automated, self-contained fashion without user intervention for use in an investigation. The switchblade is designed to be very modular, allowing the investigator/IR team to add their own tools and modify the evidence collection process quickly."

        The thing I really like this tool for is those times when you want to know what happened to a compromised Windows box, but can't leave it on the network long term because it may be attacking others. Also, many of the tools I use for security/forensics are seen as "hack tools" by anti-virus, but by having them on the read only CD side of a U3 thumbdrive AV can't automatically delete them. I have a mirror of U3IR here:

                    http://www.irongeek.com/host/u3ir.zip

        which I plan to update as Russ tells me too. This video will cover modifying and creating you own U3 Incident Response Switchblade.

     

If the embedded video below does not show RIGHT click here to save the file to your hard drive.

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast