"Dissect: Open-Source Framework for Collecting, Analyzing Forensic Data"

The Dissect framework is a game changer in cyber incident response: it enables data acquisition on thousands of systems in hours, regardless of the nature and size of the IT environment to be investigated following an attack. Over the last ten years, Fox-IT has developed and used Dissect as a critical framework in incident response investigations for customers. It is now open-source software available to the security community on GitHub to help advance and accelerate forensic data collection and analysis. Fox-IT created Dissect to help it deal with increasingly complex IT environments, and the framework has greatly improved the company's incident response capabilities. According to Erik Schamper, Senior Security Analyst at Fox-IT, the company is now sharing Dissect as open-source software with the security community, particularly incident responders from other security companies and security teams from larger companies. Incident response increasingly involves large, complex, and hybrid IT infrastructures, which must be carefully examined for Indicators of Compromise (IOCs). At the same time, victims of an attack must quickly learn what happened and what steps should be taken in response. Dissect allows incident responders to collect and prepare large amounts of data for analysis much more quickly, which allows for faster identification of which infrastructure components have been compromised. As a result, it enables better and more specific decision-making about isolating environments, decisions that typically have a significant business impact. This article continues to discuss the Dissect open-source framework.

Help Net Security reports "Dissect: Open-Source Framework for Collecting, Analyzing Forensic Data"

Submitted by Anonymous on