CrowdResponse is a community-based platform that may eventually support as many as 25 software modules, each serving a different aspect of the incident response process, Kurtz says. This week's release includes three modules: @dirtlist, @pslist, and @yara.
The @dirtlist tool produces directory listings, which lets responders verify and display digital signature information and filter files and paths to speed incident analysis.
The @pslist module lets incident responders list all active running processes, speeding the task of analyzing executable files and identifying those that might be associated with a sophisticated attack.
The @yara module is an enhanced version of the popular, community-based YARA malware analysis tool, which helps users identify and classify malware samples, speeding the process of sorting targeted attacks from random attacks.
Crowd Response is a lightweight Windows console application designed to aid in gathering system information for incident response and security engagements. The application contains numerous modules, each invoked by passing specific command line parameters to the main application. All modules are built into the main application in C++, using the Win32 API to achieve their functionality.
Crowd Response results may be viewed in a variety of ways, particularly when leveraging CrowdStrike’s CRconvert. By default, output from Crowd Response is provided in an XML file. CRconvert will flatten this XML to CSV, TSV or HTML, if desired. The various format options were created to support the different needs and analysis preferences of the end user.
Supported Operating Systems: The tool runs on 32-bit and 64-bit versions of Windows, from XP onward.
Download hashes:
MD5: 87b58fb3da849cedff3a107bfe600e9b
SHA1: 08e5bed8e7ba7316e6ff23610561b14057a58d4c
SHA256: c5ab1006f47bba30fe23bccf9eebedf824efa3bc6212989c748aa147221b5103
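Before running a collection tool on hosts under investigation, a responder should check the downloaded file against all three published digests. The following is an added example, not code from the page or from CrowdStrike; it assumes the digests above belong to the file being verified and that the file path is supplied on the command line.

```python
import hashlib
import hmac
import sys

# Digests as published on the page for the CrowdResponse download.
PUBLISHED = {
    "md5": "87b58fb3da849cedff3a107bfe600e9b",
    "sha1": "08e5bed8e7ba7316e6ff23610561b14057a58d4c",
    "sha256": "c5ab1006f47bba30fe23bccf9eebedf824efa3bc6212989c748aa147221b5103",
}


def digests(data: bytes) -> dict:
    """Compute MD5, SHA1 and SHA256 of an in-memory byte string in one pass."""
    hashers = {name: hashlib.new(name) for name in PUBLISHED}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests(), but streams the file so large archives are not read whole."""
    hashers = {name: hashlib.new(name) for name in PUBLISHED}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(actual: dict, expected: dict = PUBLISHED) -> dict:
    """Per-algorithm match table; constant-time comparison avoids timing leaks."""
    return {
        name: hmac.compare_digest(actual[name].lower(), expected[name].lower())
        for name in expected
    }


def all_match(actual: dict, expected: dict = PUBLISHED) -> bool:
    """True only if every published digest matches; a single mismatch fails the check."""
    return all(verify(actual, expected).values())


if __name__ == "__main__":
    # Usage: python verify_download.py <path-to-downloaded-file>
    result = verify(digests_of_file(sys.argv[1]))
    for name, ok in result.items():
        print(f"{name:6} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```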