Gargamel is a Windows tool for acquiring forensic evidence from remote Windows or Linux machines using several different methods.
Join Viliam Kačala from LIFARS, LLC – a Cyber Security Company, at Black Hat USA 2020 Virtual Event
Date: Wednesday, August 5 | 12:00pm-1:00pm
Track: Data Forensics / Incident Response
Session Type: Arsenal
The program is able to download the following content from a remote Windows machine:
- Windows Event Logs in evt and evtx format,
- dump of memory,
- specified files, with support for wildcard expansions (*, ?),
- output of commands specified in a text file,
- registry,
- state of firewall,
- state of network interfaces,
- logged on users,
- running processes,
- active network connections.
When targeting a remote Linux machine, the program will download:
- content of the /var/log/ directory,
- specified files, with support for wildcard expansions (*, ?),
- output of commands specified in a text file,
- state of firewall,
- state of network interfaces,
- logged on users,
- running processes,
- active network connections.
Gargamel supports 5 connection methods, namely PowerShell remoting, WMI, PsExec, RDP and SSH (with SCP).
Additional cyber security webinar resources:
- Gargamel Project: https://github.com/Lifars/gargamel