Today Paula Januszkiewicz and Mike Jankowski-Lorek presented CQURE’s forensic toolkit during the Arsenal session at Black Hat Europe 2019 in London.
Find the description and tools below!
CQForensic: The Efficient Forensic Toolkit
CQForensic Toolkit enables you to perform detailed computer forensic examinations.
It guides you through the information gathering process providing data for analysis and extracting the evidence.
CQForensic can build an attack timeline, extract information from the USN journal, recover files, also from MFT, decrypt user’s and system’s stored secrets, like encrypted data, extract information from Prefetch and from Remote Desktop Session cache, extract information from the configuration of the used for administration tools.
It also contains toolkit for memory analysis, it extracts information from memory dumps, including the PowerShell commands, complete files, including making them consistent if they were corrupted, like sensitive EVTX files.
Our biggest CQKawaii implements custom-made machine learning algorithms to extract from the large logs the anomalies.
During Black Hat Europe, we announced five new tools, including CQKawaii.
CQForensic is a very practical toolkit for forensic investigators.
About Black Hat
Black Hat is one of the most technical information security series of events in the world.
For more than 20 years, Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.
During the event, you have a chance to participate in training classes, Arsenal Sessions, Briefings and Review Boards.
Download the presented tools HERE (Username: student
If you have any questions, please drop us a message via our contact form.