Triage is an incident response tool that automatically runs commands to collect host data and copy it to the location where the script is stored. It utilizes various forensic tools that need to be placed in a Tools folder for Triage to work properly. Triage can be run via its graphical user interface or command line based on settings in its Triage.INI configuration file, which allows customizing which commands to run.
Triage is an incident response tool that automatically runs commands to collect host data and copy it to the location where the script is stored. It utilizes various forensic tools that need to be placed in a Tools folder for Triage to work properly. Triage can be run via its graphical user interface or command line based on settings in its Triage.INI configuration file, which allows customizing which commands to run.
Triage is an incident response tool that automatically runs commands to collect host data and copy it to the location where the script is stored. It utilizes various forensic tools that need to be placed in a Tools folder for Triage to work properly. Triage can be run via its graphical user interface or command line based on settings in its Triage.INI configuration file, which allows customizing which commands to run.
Triage is an incident response tool that automatically runs commands to collect host data and copy it to the location where the script is stored. It utilizes various forensic tools that need to be placed in a Tools folder for Triage to work properly. Triage can be run via its graphical user interface or command line based on settings in its Triage.INI configuration file, which allows customizing which commands to run.
md5deep and sha1deep from Jesse Kornblum: http://md5deep.sourceforge.net/
7zip Command Line: http://www.7-zip.org/
The tools will need to be placed in the appropriate locales in order to run properly. When you
download triage it zipped, and then unzipped you’ll notice a Tools folder. Everything needs to be placed
in there; RegRipper and SysInternals Suite are their own folders for ease of viewing. The folder should
look something like this when completed:
Triage.INI File Starting with version 0.78, Triage implemented the usage of an INI file to formulate how you wish to
run it. This allows for unique customization of the application without knowledge of how to modify the
source code and recompile it completely. The INI is simply structured currently with 2 sections: GUI and
Function. GUI is straight forward, either simply enter “Yes” or “No” and this will either boot the GUI or
run the functions over the command. The “Function” portion is a list of runnable functions within the
utility. Again, simply set function to “Yes” or “No” and this will select whether or not the function will
run.
Graphic User Interface
Triage v0.78 implemented the usage the GUI once again, much like the original proof-of-concept
code had. It allows the end-user to have a choice in how they utilize the utility. By default the GUI is turned on by default as it makes it more accessible to more people. If you don’t like it, just enter “NO”
to the GUI portion of the Triage.INI file included in the download. The GUI looks something like this:
Take note of the various tabs as they will allow for various functions in the code to run. Also note, the
lower left corner. This will tell you what INI file is being read (default Triage.INI). If you select File, you’ll
have an option to select a different INI, which must follow the same structure of Triage.INI, but allow
you to save various versions for different situations and run them quickly. The interface will then
automatically change the checked boxes based on the INI you’ve selected. Help For further assistance or requests to add to the application please contact me at
michael.ahrendt@gmail.com.
I appreciate you taking the time to test and or utilize this tool.
