Article Excerpt
FastFinder - Incident Response - Fast suspicious file finder What is this project designed for? FastFinder is a lightweight tool made for threat hunting, live forensics and triage on Windows Platform.
| property | value |
| --- | --- |
| tags | defensive-tradecraft, github-repo, ioc-scanner, tradecraft-tool, webshell |
| url | |
| original_word_count | 349 |
Long Summary
FastFinder is a lightweight tool for threat hunting, live forensics and triage on both Windows and Linux. It focuses on endpoint enumeration and on finding suspicious files by several criteria: file path or name, md5/sha1/sha256 checksum, simple (literal) string match on file content, and more complex content conditions expressed as YARA rules. It has been used in real cases by multiple CERT, CSIRT and SOC teams, and the repository ships example configurations covering real malware, suspicious behaviours and vulnerability scans.
Installation is from compiled releases or from source. The command line takes the arguments -h, -c, -b, -o, -n, -u, -v and -t (their meanings are documented in the README at the source link below). Depending on where the files of interest live, FastFinder can run with administrator or plain user rights; as a plain user it can only inspect files that user is allowed to read. It scans and exports matching files according to the configuration, and example configurations are provided. The configuration's input section holds path, grep, yara and checksum criteria plus options; the output section holds copyMatchingFiles, base64Files and filesCopyPath; the advanced parameters are yaraRC4Key, maxScanFilesize and cleanMemoryIfFileGreaterThanSize. A search can cover everything or only specified paths, with support for wildcards, regular expressions and environment variables.
Important notes: input paths are case insensitive, content (string) searches are case sensitive, and backslashes in paths do not need to be escaped. The project was initially created to automate fast, system-oriented IOC detection across a large computer network. Planned future releases focus on unit tests, code coverage, CI, and more examples built from live malware tradecraft and threat actor campaigns.
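The matching criteria and the case-sensitivity notes above, as an added worked example (this is example code written for this page, not FastFinder's own source or its configuration format): a small Go program that walks a directory tree and applies three of the IOC types the page lists, a case-insensitive path wildcard with environment-variable expansion, md5/sha1/sha256 checksums, and a case-sensitive literal string. The IOCSet type, the $VAR expansion syntax (Go's os.ExpandEnv rather than Windows-style %VAR%), the size cap and the sample IOC values are assumptions of this example; YARA matching is left out because it needs the yara library.

```go
package main

import (
	"bytes"
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// IOCSet is a hypothetical rule set modelled on the criteria the page lists
// (path/name wildcard, md5/sha1/sha256 checksum, literal string). It is not
// FastFinder's own configuration format.
type IOCSet struct {
	PathGlobs []string // case-insensitive; '*' and '?' wildcards; $VAR env vars expanded
	Hashes    []string // hex md5, sha1 or sha256 digests, any case
	Grep      []string // literal substrings, matched case-sensitively
	MaxSize   int64    // files above this size are matched on path only (0 = no limit)
}

// Match records one hit together with the criterion that fired.
type Match struct {
	Path   string
	Reason string
}

// globToRegexp compiles a path wildcard into an anchored, case-insensitive
// regexp. Backslashes are treated as separators (so they need no escaping)
// and '*' may span separators, which is how the page describes path matching.
func globToRegexp(glob string) (*regexp.Regexp, error) {
	glob = strings.ReplaceAll(os.ExpandEnv(glob), `\`, "/")
	var sb strings.Builder
	sb.WriteString("(?i)^")
	for _, r := range glob {
		switch r {
		case '*':
			sb.WriteString(".*")
		case '?':
			sb.WriteString(".")
		default:
			sb.WriteString(regexp.QuoteMeta(string(r)))
		}
	}
	sb.WriteString("$")
	return regexp.Compile(sb.String())
}

// fileDigests hashes a file with md5, sha1 and sha256 in a single read pass.
func fileDigests(path string) (map[string]string, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	h5, h1, h256 := md5.New(), sha1.New(), sha256.New()
	if _, err := io.Copy(io.MultiWriter(h5, h1, h256), f); err != nil {
		return nil, err
	}
	return map[string]string{
		"md5":    hex.EncodeToString(h5.Sum(nil)),
		"sha1":   hex.EncodeToString(h1.Sum(nil)),
		"sha256": hex.EncodeToString(h256.Sum(nil)),
	}, nil
}

// Scan walks root and returns every file that satisfies at least one IOC.
// Unreadable entries are skipped rather than aborting the sweep, which is the
// behaviour you want when running as a plain user on a live host.
func Scan(root string, iocs IOCSet) ([]Match, error) {
	var globs []*regexp.Regexp
	for _, g := range iocs.PathGlobs {
		re, err := globToRegexp(g)
		if err != nil {
			return nil, err
		}
		globs = append(globs, re)
	}
	wanted := make(map[string]bool, len(iocs.Hashes))
	for _, h := range iocs.Hashes {
		wanted[strings.ToLower(h)] = true
	}

	var matches []Match
	err := filepath.Walk(root, func(p string, info os.FileInfo, walkErr error) error {
		if walkErr != nil || info.IsDir() {
			return nil
		}
		norm := filepath.ToSlash(p)
		for i, re := range globs {
			if re.MatchString(norm) {
				matches = append(matches, Match{p, "path:" + iocs.PathGlobs[i]})
				break
			}
		}
		// Content criteria honour the size cap so huge files do not stall triage.
		if iocs.MaxSize > 0 && info.Size() > iocs.MaxSize {
			return nil
		}
		if len(wanted) > 0 {
			if d, err := fileDigests(p); err == nil {
				for _, algo := range []string{"md5", "sha1", "sha256"} {
					if wanted[d[algo]] {
						matches = append(matches, Match{p, algo + ":" + d[algo]})
					}
				}
			}
		}
		if len(iocs.Grep) > 0 {
			if data, err := os.ReadFile(p); err == nil {
				for _, s := range iocs.Grep {
					if bytes.Contains(data, []byte(s)) { // case-sensitive, as the page notes
						matches = append(matches, Match{p, "grep:" + s})
					}
				}
			}
		}
		return nil
	})
	return matches, err
}

func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "usage: iocfind <root>")
		os.Exit(2)
	}
	// Constructed sample IOCs: an executable in any "temp" folder, the md5 of
	// the string "hello", and one literal string.
	iocs := IOCSet{
		PathGlobs: []string{"*/temp/*.exe"},
		Hashes:    []string{"5d41402abc4b2a76b9719d911017c592"},
		Grep:      []string{"evil payload"},
		MaxSize:   64 << 20,
	}
	matches, err := Scan(os.Args[1], iocs)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, m := range matches {
		fmt.Printf("%s\t%s\n", m.Path, m.Reason)
	}
}
```

Run it as `go run iocfind.go /path/to/scan`. The size cap plays the role the page assigns to maxScanFilesize: an oversized file still matches on its path but is neither hashed nor read, which matters on a live host where a multi-gigabyte file would otherwise stall the sweep. Note also that a hit on a literal string requires the exact case, while the path wildcard is case-insensitive, matching the two rules the page states.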
In short, FastFinder is a lightweight, documented suspicious-file finder for threat hunting, live forensics and triage, built to automate fast, system-oriented IOC detection across a large network.
Short Summary
FastFinder - Incident Response - Fast suspicious file finder
- FastFinder is a lightweight tool for threat hunting, live forensics, and triage.
- It works on both Windows and Linux platforms.
- Its focus is endpoint enumeration and suspicious file finding.
- It uses various criteria such as file path/name, checksum, and content match.
- It has been tested in real cases by multiple CERT, CSIRT, and SOC teams.
- Installation is available through compiled releases or from sources.
- Usage involves command line arguments and different levels of user rights.
- It can scan and export file matches according to user needs, with configuration examples available.
- It supports search everywhere or in specified paths, with wildcards and regex.
- Future releases aim to improve testing and coverage and to build more examples based on live malware.
Source link: https://github.com/codeyourweb/fastfinder
Summarized content: https://hut.threathunterz.com/battlefield-intel/tradecraft-tools/fastfinder-incident-response-fast-suspicious-file-finder
#FastFinder #ThreatHunting #LiveForensics #Triage #EndpointEnumeration