Open Source Forensic Threat Hunting

May 25, 2021

In this session I will demonstrate the use of the open source software Judge Jury and Executable to acquire forensic data into a database, where we will perform threat hunting queries. The queries will cover useful data points such as digital signatures, imphash, compile time, YARA matches, file type, and file owner, along with NTFS and MFT timestamps. After crafting a query, we will review the results to hunt for suspicious files.
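As an added example (not code from the talk or from the Judge Jury and Executable project), the following Python builds a small in-memory SQLite table holding the data points the abstract names and runs three hunting queries over it. The table layout, the column names, and the sample rows are assumptions constructed for illustration, not the tool's real schema; the queries show the kind of questions a hunter asks of such data: unsigned, user-owned executables that also match a YARA rule; PE compile times that post-date the file's NTFS creation time; and one import hash appearing under several file names.

```python
import sqlite3

# Constructed sample acquisition records. The column set is an assumption made
# for this example and is not the real Judge Jury and Executable schema.
# Timestamps are ISO-8601 UTC strings so that string comparison orders them.
SAMPLE_FILES = [
    # (path, owner, signed, imphash, compile_time, mft_created, yara_hits)
    (r"C:\Windows\System32\notepad.exe", "TrustedInstaller", 1, "imphash-A",
     "2019-03-12T08:00:00", "2019-03-12T08:05:00", ""),
    (r"C:\Users\alice\AppData\Local\Temp\svchost.exe", "alice", 0, "imphash-B",
     "2021-05-20T14:30:00", "2021-05-21T09:12:00", "constructed_rule_1"),
    (r"C:\ProgramData\update.exe", "alice", 0, "imphash-B",
     "2021-05-20T14:30:00", "2021-05-21T09:15:00", ""),
    (r"C:\Users\alice\Downloads\report.exe", "alice", 0, "imphash-C",
     "2021-06-01T00:00:00", "2021-05-18T11:00:00", ""),
    (r"C:\Program Files\Vendor\tool.exe", "Administrators", 1, "imphash-D",
     "2020-01-01T12:00:00", "2020-02-01T09:00:00", ""),
]

# Hunts that return one path per row.
HUNTS = {
    # Unsigned binaries owned by a non-system account that also trip a YARA rule.
    "unsigned_user_owned_yara": """
        SELECT path FROM files
        WHERE signed = 0
          AND owner NOT IN ('SYSTEM', 'TrustedInstaller')
          AND yara_hits <> ''
        ORDER BY path
    """,
    # A PE that claims to have been compiled after its MFT creation time:
    # either the compile stamp is forged or the NTFS timestamps were altered.
    "compile_after_creation": """
        SELECT path FROM files
        WHERE compile_time > mft_created
        ORDER BY path
    """,
}


def load_sample_db() -> sqlite3.Connection:
    """Create an in-memory table and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE files (
               path TEXT PRIMARY KEY, owner TEXT, signed INTEGER, imphash TEXT,
               compile_time TEXT, mft_created TEXT, yara_hits TEXT)"""
    )
    conn.executemany("INSERT INTO files VALUES (?,?,?,?,?,?,?)", SAMPLE_FILES)
    return conn


def shared_imphash(conn: sqlite3.Connection) -> dict:
    """Return {imphash: sorted paths} for import hashes seen under more than one name."""
    rows = conn.execute(
        """SELECT imphash, path FROM files
           WHERE imphash IN (SELECT imphash FROM files
                             GROUP BY imphash HAVING COUNT(*) > 1)
           ORDER BY imphash, path"""
    )
    clusters: dict = {}
    for imphash, path in rows:
        clusters.setdefault(imphash, []).append(path)
    return clusters


def hunt_sample() -> dict:
    """Run every hunt over the sample data and return {hunt_name: result}."""
    conn = load_sample_db()
    results = {name: [row[0] for row in conn.execute(sql)] for name, sql in HUNTS.items()}
    results["shared_imphash"] = shared_imphash(conn)
    conn.close()
    return results


if __name__ == "__main__":
    for hunt, hits in hunt_sample().items():
        print(f"{hunt}: {hits}")
```

Each hit is a lead to review, not a verdict: a legitimate installer can be unsigned, and some packers write odd compile stamps, so the next step is to pivot on the flagged file's other fields (owner, file type, the surrounding MFT timestamps) before deciding anything.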