The most prominent capabilities of the tool
Collect information about the machine, device name, ID, timing, BIOS version, operating system, installation date, users, domain, registered owner, network cards, and hardware.
Collect information about running processes, such as name, PID, PPID, start date, image path, user, and hash value, and also scan these processes on threat detection platforms.
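The process inventory described above can be reproduced with built-in Windows cmdlets. The following is an added example, not LIRT's own code: it records name, PID, PPID, parent name, start time, image path, owner and SHA-256 for every running process, writes the result to a CSV for the case file, and flags processes whose on-disk image could not be hashed or whose parent has already exited. The output path is an assumption; the hash column is what you would submit to a reputation or threat-detection platform.

```powershell
# Added example (not LIRT code): live-response snapshot of running processes.
# Assumes Windows PowerShell 5.1 or later and rights to query process owners;
# some protected processes will still report '<unknown>' or '<unavailable>'.
$outFile = Join-Path $env:TEMP 'process_triage.csv'   # assumed output location

$procs = Get-CimInstance -ClassName Win32_Process

# Index by PID so each process can be joined to its parent
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$rows = foreach ($p in $procs) {
    # Owner via the WMI GetOwner method; fails for some system processes
    $owner = try {
        $o = Invoke-CimMethod -InputObject $p -MethodName GetOwner
        if ($o.ReturnValue -eq 0) { "$($o.Domain)\$($o.User)" } else { '<unknown>' }
    } catch { '<unknown>' }

    # Hash the image on disk when it exists and is readable; a missing or
    # unreadable image is recorded rather than aborting the collection
    $hash = '<unavailable>'
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        try { $hash = (Get-FileHash -LiteralPath $p.ExecutablePath -Algorithm SHA256).Hash } catch {}
    }

    $parent = $byPid[[int]$p.ParentProcessId]
    [pscustomobject]@{
        Name       = $p.Name
        PID        = $p.ProcessId
        PPID       = $p.ParentProcessId
        ParentName = if ($parent) { $parent.Name } else { '<exited>' }
        StartTime  = $p.CreationDate
        ImagePath  = $p.ExecutablePath
        User       = $owner
        SHA256     = $hash
    }
}

# Preserve the full snapshot for the case report
$rows | Export-Csv -LiteralPath $outFile -NoTypeInformation -Encoding UTF8

# Triage view: images that could not be hashed (deleted, unmapped, or access denied)
# and orphaned processes whose parent is gone deserve a closer look
$rows | Where-Object { $_.SHA256 -eq '<unavailable>' -or $_.ParentName -eq '<exited>' } |
    Format-Table Name, PID, PPID, ParentName, ImagePath -AutoSize
```

Run it from an elevated prompt so that owner lookups and image hashing succeed for as many processes as possible; hashing is done against the file on disk, so an injected or hollowed process with a benign image path will still hash clean, which is why the tool's memory dump capability complements this view.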
Collect information about external and internal connections, active ports, hostnames, connection status, and country, and scan the IP addresses on threat detection platforms.
Collect information about recent open files and folders, evidence of execution, external devices, system accounts, network interfaces, autorun programs, and shared folders.
Collect information by examining system and Sysmon logs, such as login attempts, their status, login method, failed authentication, and attempts to manipulate the registry.
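The log review described above maps to Security log events 4624 (successful logon) and 4625 (failed logon), and to Sysmon events 12, 13 and 14 (registry object, value and rename activity). The following is an added example, not LIRT's own code: it decodes the logon type from each event, tabulates failures by account and source address, and lists recent Sysmon registry events when Sysmon is installed. The 24-hour window is an assumption.

```powershell
# Added example (not LIRT code): logon attempts and registry activity from event logs.
# Requires an elevated prompt (reading the Security log needs administrator rights).
$since = (Get-Date).AddHours(-24)   # assumed review window

# Logon type values as documented for event 4624/4625
$logonTypes = @{
    2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'; 7 = 'Unlock'
    8 = 'NetworkCleartext'; 9 = 'NewCredentials'; 10 = 'RemoteInteractive'; 11 = 'CachedInteractive'
}

$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $since } `
    -ErrorAction SilentlyContinue

$logons = foreach ($e in $events) {
    # Pull the named EventData fields out of the event XML
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    [pscustomobject]@{
        Time          = $e.TimeCreated
        Status        = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
        User          = "$($d.TargetDomainName)\$($d.TargetUserName)"
        LogonType     = $logonTypes[[int]$d.LogonType]
        SourceIp      = $d.IpAddress
        Process       = $d.ProcessName
        FailureStatus = if ($e.Id -eq 4625) { $d.SubStatus } else { '' }
    }
}

# Failed authentication grouped by account and source: repeated failures from one
# source against many accounts, or many failures against one account, stand out here
$logons | Where-Object Status -eq 'Failure' |
    Group-Object User, SourceIp | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10 | Format-Table -AutoSize

# Remote interactive and network-cleartext logons are worth reviewing individually
$logons | Where-Object { $_.LogonType -in 'RemoteInteractive', 'NetworkCleartext' } |
    Format-Table Time, Status, User, LogonType, SourceIp -AutoSize

# Sysmon registry events, if the Sysmon operational log is present
$sysmon = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 12, 13, 14; StartTime = $since
} -ErrorAction SilentlyContinue

foreach ($e in $sysmon) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id
        Image   = $d.Image
        Target  = $d.TargetObject
        Details = $d.Details
    }
} | Format-Table -AutoSize
```

If the Sysmon log is absent the second query simply returns nothing; registry audit events in the Security log (4657) are the fallback when only native auditing is enabled.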
The Live IR Tool enables you to create reports for all results, including analysis or response. You can also create individual reports for each part or a single case report.
You can kill suspicious processes, copy their paths, search for them on the Internet by name or hash, and check them on threat detection platforms.
You can block suspicious IP addresses, block suspicious ports, search for IPs on threat detection platforms, and identify the processes that make the connections.
Dump suspicious processes for deep analysis, load the dump into other analysis tools, preserve it as attached evidence, or upload it online for other investigators.
LIRT is a tool developed to help a digital forensic investigator conduct a live investigation.