Special Guest: Mark Baggett, Technical Advisor to DoD and SANS Instructor

In this episode, we host Mark Baggett, author, and creator of the SANS Sec 573 course, which teaches even complete beginners the automation of information security using Python. Together we will discuss the already well-known SRUM Dump along with some of the tools that he is currently working on.

Tool 1: Ese-analyst is basically a command-line interface version of SRUM Dump. However, unlike SRUM Dump, Ese-analyst is wonderful for dealing with multiple images. It will combine all the searched tables into a CSV file and it also supports plugins.

Tool 2: Domain_stats is a SEIM-integrated Zone Alarm for DNS
“Never seen before” alerts for your network and SANS Internet Storm Center
“Established” “New” classifications to identify baby domains. This tool is used primarily for network-based forensics.

Tool 3: Werejugo is a laptop geolocation history tracker. Given a single laptop image, Werejugo is capable of extracting and collecting every possible Mac address based on location and searching for its location using online APIs. This graphical user interface will run, extract information, and provide a map.

Listen to the full podcast to learn more about these new open-source tools and to take part in a little Geolocation game that Mark has created just for this occasion.

Share this post