Incident Response U3 Switchblade From TCSTool (Hacking Illustrated Series InfoSec Tutorial Videos)

Help Irongeek.com pay for
bandwidth and research equipment:

Web Hosting By:

Sponsored by:

Affiliates:

Irongeek's Featured Links:

Web Hosting

Free Web Hosting hosting

EC-Council ECSA Training Videos

emergency lighting

Web Hosting:
Help Irongeek.com pay for bandwidth and research equipment:

Incident Response U3 Switchblade From TCSTool (Hacking Illustrated Series InfoSec Tutorial Videos) Incident Response U3 Switchblade From TCSTool

        I met Russell Butturini (TCSTool) at Phreaknic 2008, there I was introduced to his Incident Response U3 Switchblade. In Russell's own words:

        "The U3 incident response switchblade is a tool designed to gather forensic data from a machine in an automated, self-contained fashion without user intervention for use in an investigation. The switchblade is designed to be very modular, allowing the investigator/IR team to add their own tools and modify the evidence collection process quickly."

        The thing I really like this tool for is those times when you want to know what happened to a compromised Windows box, but can't leave it on the network long term because it may be attacking others. Also, many of the tools I use for security/forensics are seen as "hack tools" by anti-virus, but by having them on the read only CD side of a U3 thumbdrive AV can't automatically delete them. I have a mirror of U3IR here:

                    http://www.irongeek.com/host/u3ir.zip

        which I plan to update as Russ tells me too. This video will cover modifying and creating you own U3 Incident Response Switchblade.

If the embedded video below does not show RIGHT click here to save the file to your hard drive.

Printable version of this article

blog comments powered by Disqus

Ten most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.