Sunday, December 29, 2013

Less frequently occurring... things

Frequency analysis is a powerful tool in a variety of disciplines, including cryptanalysis, digital forensics and incident response. I may have first heard of its application to DFIR from Rob Lee, who was working for Mandiant at that time. Peter Silberman, also from Mandiant, touched on the benefits of "least frequency analysis" here. Harlan Carvey has discussed the concept as well. I blogged about using the technique a few years back and, coming full circle, Mandiant has expanded on the concept in their excellent data stacking post.

If you're working at scale and collecting large amounts of host-level data in comma-, tab- (or other single-character) separated values files, I've written a PowerShell script, Get-Stakrank, which you may find useful for analysis. I've written up a use-case scenario in the readme.md file in the GitHub repo for the project.

I intend to build a similar script for working with XML data, as there are some common tools that produce XML output.
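
To make the stacking idea concrete for delimited host data, here is an added example; it is not the Get-Stakrank script or code from its repository. The function name Get-LeastFrequent, its parameters and the sample rows are assumptions constructed for illustration.

```powershell
# Added example: least-frequency "stacking" of delimited host-level data.
# Get-LeastFrequent and its parameters are hypothetical names, not part of Get-Stakrank.
function Get-LeastFrequent {
    param(
        [Parameter(Mandatory)] [string[]] $Line,   # delimited text, header row first
        [Parameter(Mandatory)] [string[]] $Key,    # column(s) that define "the same item"
        [string] $HostColumn = 'Host',             # column naming the source system
        [char]   $Delimiter  = ','                 # any single-character separator
    )
    $rows = $Line | ConvertFrom-Csv -Delimiter $Delimiter
    # Group-Object compares case-insensitively by default, which suits Windows paths.
    $rows | Group-Object -Property $Key | ForEach-Object {
        $group = $_.Group
        $out = [ordered]@{
            Count = $_.Count    # rows in which the item appears
            Hosts = @($group | ForEach-Object { $_.$HostColumn } | Sort-Object -Unique).Count
        }
        foreach ($k in $Key) { $out[$k] = $group[0].$k }
        [pscustomobject]$out
    } | Sort-Object Hosts, Count    # rarest items sort to the top
}

# Constructed sample: autorun-style entries collected from three hosts.
$sample = @'
Host,Entry,ImagePath
WS01,SecurityHealth,C:\Windows\System32\SecurityHealthSystray.exe
WS02,SecurityHealth,C:\Windows\System32\SecurityHealthSystray.exe
WS03,SecurityHealth,C:\Windows\System32\SecurityHealthSystray.exe
WS01,OneDrive,C:\Program Files\Microsoft OneDrive\OneDrive.exe
WS02,OneDrive,C:\Program Files\Microsoft OneDrive\OneDrive.exe
WS03,Updater,C:\Users\Public\upd.exe
'@ -split "`r?`n"

Get-LeastFrequent -Line $sample -Key Entry, ImagePath | Format-Table -AutoSize
```

Counting distinct hosts separately from raw row count keeps an item that repeats many times on a single system from looking common across the fleet.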
