As Incident Responders, we’re always on the lookout for tools that will allow us and our investigations to become more efficient. There are already a ton of great tools and pre-configured virtual images that provide us with workable forensics environments. It doesn't hurt to have more than one trustworthy option when it comes to these resources. Vagrant is a virtual management platform used to create and deploy virtual environments. Although it’s more commonly used by developers for testing, I thought about how I could leverage it for my DFIR needs. My goal was to provide a quick deployable forensics environment while leveraging the Vagrant platform. Dreamcatcher was born. The Dreamcatcher project was shaped with a lightweight memory forensics environment in mind, and since then I have added more tools and features to its arsenal. As my contribution to the variety of DFIR “Swiss Army Knives” available, it is a fast, flexible alternative. With a clear list of ingredients" no hidden preservatives!" I will demonstrate why Dreamcatcher is a great DFIR addition to anyone’s toolkit

Jeff Williams (blu3wing) is a Security Engineer working in Healthcare and specializes in DFIR and Malware Hunting. He currently is still an undergraduate at Eastern Michigan University where he plans to finish his last two remaining classes over the Summer and Fall 2017 semesters. He is passionate about all things InfoSec, and spends most of his free time researching and monitoring security related events and news.

Back to Converge 2017 video list