
It has been a while. When I said I was stopping the Forensic 4:cast Awards, I bet you didn’t expect me to fall off the face of the Earth, did you?
The reality is I’m a busy man. I work for CRA, I teach for SANS, I have a family, and my family has things where I am wanted/needed too.
That being said, I’m not one to sit back for long. As such, today I’ve released Perceptor, a free and open-source investigation platform. It takes forensic images, tool reports, VMs, and other data, parses it using other open-source tools, and then generates reports based on connections between those artifacts. I’ve worked long and hard to ensure that this parses many different Windows-based artifacts. Where tools either didn’t exist or were insufficient, I created new parsers for the data. The whole concept here is that we take a bunch of disparate artifacts from one or many computers and glue them all together.
Want to know which USB devices have been used in multiple computers? Easy. Want to see everything that happened on a set of systems over a period of time? Done. Want to see how malware spread from patient zero? You can do that! Want to see lateral movement occurring? You got it!
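To make the "glue it all together" idea concrete, here is an added example (my illustration, not Perceptor's code or its record format) of the kind of cross-host correlation described above. It assumes artifacts have already been parsed out of each image and normalised to a flat record with a host, a kind, a timestamp and a detail dictionary; the records below are constructed for the example and are not real evidence.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real evidence). Each is one artifact already
# parsed from a host image and normalised to {host, kind, ts, detail}.
# The field names are an assumption for this example, not Perceptor's schema.
ARTIFACTS = [
    {"host": "WS01", "kind": "usbstor", "ts": "2024-03-01T09:12:00",
     "detail": {"serial": "4C530001230101", "model": "SanDisk Cruzer"}},
    {"host": "WS02", "kind": "usbstor", "ts": "2024-03-01T13:40:00",
     "detail": {"serial": "4C530001230101", "model": "SanDisk Cruzer"}},
    {"host": "WS01", "kind": "usbstor", "ts": "2024-02-20T08:00:00",
     "detail": {"serial": "AA11BB22", "model": "Kingston DT"}},
    {"host": "WS02", "kind": "logon", "ts": "2024-03-01T13:38:10",
     "detail": {"user": "jdoe", "logon_type": 3, "src_ip": "10.0.0.11"}},
    {"host": "WS01", "kind": "prefetch", "ts": "2024-03-01T09:15:30",
     "detail": {"exe": "UPDATER.EXE"}},
    {"host": "WS02", "kind": "prefetch", "ts": "2024-03-01T13:41:05",
     "detail": {"exe": "UPDATER.EXE"}},
]


def parse_ts(s):
    return datetime.fromisoformat(s)


def usb_devices_on_multiple_hosts(artifacts):
    """Return {serial: [hosts]} for USB serials seen on more than one host."""
    seen = defaultdict(set)
    for a in artifacts:
        if a["kind"] == "usbstor":
            seen[a["detail"]["serial"]].add(a["host"])
    return {serial: sorted(hosts) for serial, hosts in seen.items() if len(hosts) > 1}


def timeline(artifacts, start, end, hosts=None):
    """Merge artifacts from all (or selected) hosts into one chronological list
    covering the inclusive window [start, end]."""
    lo, hi = parse_ts(start), parse_ts(end)
    rows = [a for a in artifacts
            if lo <= parse_ts(a["ts"]) <= hi and (hosts is None or a["host"] in hosts)]
    return sorted(rows, key=lambda a: (parse_ts(a["ts"]), a["host"]))


def executable_spread(artifacts, exe):
    """Hosts ordered by the first prefetch record for `exe`: patient zero first."""
    first = {}
    for a in artifacts:
        if a["kind"] == "prefetch" and a["detail"]["exe"].upper() == exe.upper():
            t = parse_ts(a["ts"])
            if a["host"] not in first or t < first[a["host"]]:
                first[a["host"]] = t
    return [h for h, _ in sorted(first.items(), key=lambda kv: kv[1])]


def remote_logons_before_execution(artifacts, exe, window_minutes=10):
    """Lateral-movement hint: a network (type 3) logon on a host followed, within
    the window, by execution of `exe` on that same host.
    Returns a list of (host, user, src_ip) tuples."""
    window = timedelta(minutes=window_minutes)
    runs = [(a["host"], parse_ts(a["ts"])) for a in artifacts
            if a["kind"] == "prefetch" and a["detail"]["exe"].upper() == exe.upper()]
    hits = []
    for a in artifacts:
        if a["kind"] != "logon" or a["detail"].get("logon_type") != 3:
            continue
        t = parse_ts(a["ts"])
        if any(h == a["host"] and t <= rt <= t + window for h, rt in runs):
            hits.append((a["host"], a["detail"]["user"], a["detail"]["src_ip"]))
    return hits


if __name__ == "__main__":
    print("USB devices on more than one host:", usb_devices_on_multiple_hosts(ARTIFACTS))
    print("Spread order for UPDATER.EXE:", executable_spread(ARTIFACTS, "updater.exe"))
    print("Remote logons preceding UPDATER.EXE:", remote_logons_before_execution(ARTIFACTS, "updater.exe"))
    for row in timeline(ARTIFACTS, "2024-03-01T00:00:00", "2024-03-01T23:59:59"):
        print(row["ts"], row["host"], row["kind"], row["detail"])
```

Each question in the paragraph above maps to one function: the USB-serial join answers "which devices touched multiple machines", the merged timeline answers "what happened across these systems in this window", the earliest-prefetch ordering answers "where did it start", and the logon-then-execution pairing is the simplest form of a lateral-movement check. A real correlation engine would normalise timestamps to UTC first and key devices on more than the serial (vendor and product IDs too), since some cheap devices ship duplicate serials.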
There’s also an optional MCP connector built in, allowing you to connect Perceptor to your AI of choice (online or local) to interrogate the data. Yes, I know, “AI can’t do forensics.” That’s not what we’re doing here; we’re simply giving AI access to the already-parsed data so it can aid us in our investigation. The application is complete and will run well without AI at all.
Here’s the thing: I know that I’m not a coder by trade. I do stuff that interests me from time to time. I need help. Help to load in data and test. Help to figure out what I’ve missed. Help to figure out what I’m not parsing correctly. Anything you can do here would be hugely appreciated.
Bear in mind that there is no GUI yet. I’ll get there, I have some innovative ideas that I want to try that will make this stand out from other applications.
The links to both the GitHub repo and the user manual are below.
