LIFARS Voltaire – New Open Source Tool for Cyber Incident Response Triage

LIFARS Voltaire - New Open Source Tool for Cyber Incident Response Triage

LIFARS, the global leader in Incident Response, Digital Forensics, Ransomware Mitigation and Cyber Resiliency Services, has released a new open-source tool for incident response (IR) triage.

This tool, named Voltaire [1], is unlike anything else in the open-source community. It is a script that automates analysis performed by the Volatility framework [2], providing malware analysts with valuable triage data output, faster. Incident Response victims will experience “faster battlefield forensics, shorter time between acquisition and actionable intelligence for the onsite responders, and less risk for data exfiltration or damages” says Voltaire’s main developer, Jean Gobin, Digital Forensics Lead at LIFARS. “Cyber memory implants are modern atomic weapons and are used unfairly against commercial targets,” says Ondrej Krehel, CEO of LIFARS, “and having tools such as Voltaire helps respond to these sophisticated memory-based attacks and compromises.”

The cyber response community can use this tool to decrease reaction time and therefore decrease the cost impact of a cyber incident to their clients. This open-source script is another LIFARS contribution toward the “’Democratization’ of memory forensics…” which, Gobin states, will hopefully lead toward “better IR capabilities globally.” Moreover, as more cyber IR teams use Voltaire, the better it will become. “We want more people to use it, (and) give us more feedback to improve it” says LIFARS development team member.  According to the team’s research on open-source resources, “there is no tool yet to record the report from Volatility and analyze the results.”

When asked why LIFARS is offering this tool for free to the public, Gobin explained, “LIFARS believes that (cyber) security is a common goal, and that everyone plays a part.” Krehel adds “sharing knowledge with the cyber security community has always been a key motive for LIFARS.  It is important to create and release open-source projects that save the community money, provide additional resources and help relieve the financial strains of a cyber incident.”

LIFARS plans to develop a second version of Voltaire to support new-coming Volatility [3]. This new version would provide scan results even faster and provide additional features.

 

Visit LIFARS cyber security knowledge center to learn more and download demo: Voltaire/Voila tools

 

[1] Voltaire by LIFARS, LLC github.com/Lifars

[2] “Volatility Framework – Volatile memory extraction utility framework” github.com/volatilityfoundation/volatility

[3] “Volatility 3.0 development”  github.com/volatilityfoundation/volatility3