Educause Security Discussion mailing list archives
FRISK/IR RC1 Released
From: four <four () GWU EDU>
Date: Tue, 12 Apr 2005 17:46:26 -0400
Hi Everyone,

Last week I gave a talk at the Educause Sec05 conference entitled "Modern Incident Response Tools and Techniques". During this talk I released a tool that I have been working on for the last few months called FRISK (the Forensic Response and Incident Support Kit). Since it seemed to have a good reception I thought I would share the release with the general university security community. Here is a brief synopsis of its features:

FRISK is designed to facilitate the process of incident response in a University or large enterprise. It is designed to be run on a host by personnel of any skill level. Here are the key features:

- Flexible HTML Template-Driven Output System
- Secure Uploading of Results to a Central Location
- Robust Plugin Architecture
- Forensically Sound and Fully Automated (Never a write to local disk unless forced - can be run from CDROM)
- Open Source, Perl Based
- Perl (or any other installation) not required on the host
- Clean Code and easily extensible....

FRISK helps your enterprise perform live incident response more quickly, and helps you, the security professional, focus on what is important - the results. While I do realize that there are other tools out there, none that I have seen are designed to be as extensible and customizable as FRISK. My goal is to build a tool with a community like Nessus or Snort for incident response, driven by community contributions of plugins, so that we, as a university community, can easily stay abreast of new threats.

The current version of FRISK supports only Windows-based platforms. However, it is a primary goal of the project to support UNIX/Linux platforms in the near future. The release has some documentation, and includes a Perl distribution so that you can get up and running quickly and easily. Please post any and all questions to the relevant FRISK project forums.

Thank you very much,

Project Page
http://www.sourceforge.net/projects/frisk

Screenshots
https://sourceforge.net/project/screenshots.php?group_id=132688&ssid=10471

John "Four" Flynn
Information Security Engineer
Intrusion and Forensic Specialist
Information Systems and Services
The George Washington University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.