TAPIR : Trustable Artifact Parser for Incident Response
Action | Key |
---|---|
Play / Pause | K or space |
Mute / Unmute | M |
Toggle fullscreen mode | F |
Select next subtitles | C |
Select next audio track | A |
Show slide in full page or toggle automatic source change | V |
Seek 5s backward | left arrow |
Seek 5s forward | right arrow |
Seek 10s backward | shift + left arrow or J |
Seek 10s forward | shift + right arrow or L |
Seek 60s backward | control + left arrow |
Seek 60s forward | control + right arrow |
Decrease volume | shift + down arrow |
Increase volume | shift + up arrow |
Decrease playback rate | < |
Increase playback rate | > |
Seek to end | end |
Seek to beginning | beginning |
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
bin2json a tool to extract metadata from multiple file formats to json and TapIR a collaborative server for incident response accessible through a REST API, a web ui, and python command line tools.
This talk is about two new incident response tool : TapIr and bin2json and the Tap rust library there are based on.
Those two tools are based on the TAP (Trustable Artifact Parser) rust library, that come with different plugins to parse specific artefacts (NTFS, MTF, regitry, evtx, prefetch, ...),
and include a search engine that let you create complex query.
-
bin2json can take different kinds of input like : disk image, partition, or collection of artifacts and automatically generate a json file containing metadata extracted from those inputs.
It can also generate the json file as a timeline. The generated file can then be analyzed via tools like jq or sent to elastic search or splunk for further analysis. -
TapIR is a service that can ingest the same kind of file as bin2json, then let you access extracted data and metadata through a rest API.
You can install it and make it accessible on a local network, a remote host or on the cloud, thus leveraging remote collaborative analysis.
TapIR come with web UI and a python client as command lines tools that lets you automate your IR task via scripting.
- The two aforementioned tools take advantage of the TAP library, written in RUST that make parsing secure and fast by leveraging heavy multithreading
During the presentation we will go through the architecture of the TAP library, when and how to use TapIR and bin2json, and finally we will make a demonstration of the different tools.
Solal Jacob is an incident responder but also a contributor and developer of open source tools. He is the creator of DFF (Digital Forensics Framework), and other tools related to forensics and memory analysis.
Other media in the channel "2022"
- 20 views, 1 this yearClosingJuly 6th, 2022
- 56 views, 10 this year, 4 this monthkdigger: A Context Discovery Tool for Kubernetes Penetration TestingJuly 6th, 2022
- 45 views, 6 this yearDissecting NTLM EPA & building a MitM proxyJuly 6th, 2022
- 81 views, 25 this year, 3 this monthFinding Java deserialization gadgets with CodeQLJuly 6th, 2022
- 82 views, 7 this yearMobSF for penetration testersJuly 6th, 2022
- 80 views, 7 this yearImprove your Malware Recipes with CyberchefJuly 6th, 2022