Educause Security Discussion mailing list archives

FRISK/IR RC1 Released


From: four <four () GWU EDU>
Date: Tue, 12 Apr 2005 17:46:26 -0400

Hi Everyone,

Last week I gave a talk at the Educause Sec05 conference entitled "Modern
Incident Response Tools and Techniques". During this talk I released a
tool that I have been working on for the last few months called FRISK (the
Forensic Response and Incident Support Kit). Since it seemed to have a
good reception I thought I would share the release with the general
university security community. Here is a brief synopsis of its features:

FRISK is designed to facilitate the process of incident response in a
University or large enterprise. It is designed to be run on a host by
personnel of any skill level. Here are the key features:

Flexible HTML Template-Driven Output System
Secure Uploading of Results to a Central Location
Robust Plugin Architecture
Forensically Sound and Fully Automated (Never a write to local disk unless forced - can be run from CDROM)
Open Source, Perl Based
Perl (or any other installation) not required on the host
Clean Code and easily extensible....

FRISK helps your enterprise perform live incident response more quickly,
and helps you, the security professional, focus on what is important - the
results.

While I do realize that there are other tools out there, none that I have
seen are designed to be as extensible and customizable as FRISK. My goal
is to build a tool with a community like Nessus or Snort for incident
response, driven by community contributions of plugins, so that we, as a
university community, can easily stay abreast of new threats.

The current version of FRISK supports only Windows-based platforms.
However, it is a primary goal of the project to support UNIX/Linux
platforms in the near future.

The release has some documentation, and includes a Perl distribution so
that you can get up and running quickly and easily. Please post any and
all questions to the relevant FRISK project forums.

Thank you very much,

Project Page
http://www.sourceforge.net/projects/frisk

Screenshots
https://sourceforge.net/project/screenshots.php?group_id=132688&ssid=10471

John "Four" Flynn
Information Security Engineer
Intrusion and Forensic Specialist
Information Systems and Services
The George Washington University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
