The Tool Is Under Development
Tool Capabilities
The most prominent capabilities of the tool
Collect General Information
Collect information about the machine, device name, ID, timing, BIOS version, operating system, installation date, users, domain, registered owner, network cards, and hardware.
Analyzing Running Processes
Collect information about running processes, such as name, PID, PPID, start date, image path, user, and hash value, and scan these processes on threat detection platforms.
Analyzing Network Connections
Collect information about external and internal connections, active ports, hostnames, connection status, and country, and scan the IP addresses on threat detection platforms.
Analyzing System Registry
Collect information about recently opened files and folders, evidence of execution, external devices, system accounts, network interfaces, autorun programs, and shared folders.
Analyzing System Logs
Collect information by examining system and Sysmon logs, such as login attempts, their status, login method, failed authentication, and attempts to manipulate the registry.
Create Reports of Results
The Live IR Tool enables you to create reports for all results, including analysis or response. You can also create individual reports for each part or a single case report.
Respond To Suspicious Processes
You can kill suspicious processes, copy their path, search for them on the Internet by name or hash, and check them on threat detection platforms.
Respond To Suspicious Connections
You can block suspicious IP addresses, block suspicious ports, search for IPs on threat detection platforms, and identify the processes that make the connections.
Dump Suspicious and Malicious Items
Dump suspicious processes to analyze them in depth, feed them into other analysis tools, attach them as evidence, or upload them online for other investigators.
Download LIRT
Download the LIRT tool. The LIRT tool is a free tool for conducting forensic investigations on Windows systems, as well as responding live to digital investigations, preserving evidence, and creating reports of the results.
This is the first version of the tool. Visit our website from time to time to see if there is a newer version.
Installation requirements
Make sure the .NET Framework 4.8 packages are installed on the device, or install them from here.
Download .NET Framework 4.8
You can download LIRT for free from GitHub. This tool supports Windows 7, 8, 10 and 11.
Version: 1.0 - Size: 256 MGB
Why Use LIRT
Integration with other security solutions
LIRT integrates with two Cyber Threat Intelligence (CTI) platforms, VirusTotal and AbuseIPDB,
to improve detection, and it is being developed to integrate with other security solutions.
Threat detection and automatic response
LIRT contains many methods to detect threats and malicious objects, and it also enables you to
respond live to stop suspicious elements and kill them permanently.
Time factor
LIRT is fast at analysis, detection, and producing results, because the time factor is important
to investigators who need to respond to incidents and stop threats.
Updates
We are always working to update and add new detection rules to catch modern threats.
There is always a future development plan.
Always Free
All versions of LIRT are free for life. The goal of developing LIRT is to help investigators
detect threats, and it is a non-profit project.
The project is completely open source.
Our Team
Ahmed AL-Maghraby
Cyber Security Engineer
Software Developer
CEO of LIRT
What Our Customers Say
Ahmed
ahmed.username
A very wonderful tool that I hope to work on developing
Info
LIRT is a tool developed to help a digital forensic investigator conduct a live investigation