Portable incident response lab
Forensics USB device for rapid analysis of file collections
The AT1000 Portable Incident Response Lab ships as a USB solid-state hard drive. It integrates with industry-leading forensics solutions to significantly increase the speed and effectiveness of cyber investigations. The AT1000 enables responders to quickly discover relevant files, perform deep file analysis and correlate found artifacts. Typical systems can have upwards of 200K files, where 90%+ are likely whitelisted or not relevant. AT1000 helps to quickly filter out whitelisted and blacklisted content to find unique and unknown executables, documents and malware. Investigators then use AT1000 to perform advanced searches on any of the 3000 different indicators that are extracted from the files of interest. This portable solution enhances forensic analysis by utilizing two single-user on-board virtual appliances and a collection of scripts and tools to integrate with the leading forensics solutions.
The two virtual appliances included with this solution are:
- T1000-B VMDK File Reputation Appliance
- A1000 VMDK Malware Analysis Platform
They are accessed through Web GUIs and REST APIs by provided forensics scripts, tools and documentation. These interfaces facilitate easy integration with leading forensic solutions such as EnCase, FTK and F-Response. The T1000-B provides an on-board database that enables high-speed file filtering using ReversingLabs' industry-leading TitaniumCloud File Reputation knowledgebase. It quickly processes a list of file hashes to classify them as known good, malicious or suspicious, or to quickly perform automated analysis and complex searches on large numbers of unknown files. Unique ReversingLabs Active Decomposition and Predictive Detection technologies quickly uncover threats in files that are invisible to conventional analysis tools.