Gargamel is a tool for acquiring forensic evidence

Gargamel is a Windows tool for acquiring forensic evidence from remote Windows or Linux machines using several different methods.

Join Viliam Kačala from LIFARS, LLC – a Cyber Security Company, at Black Hat USA 2020 Virtual Event
Date: Wednesday, August 5 | 12:00pm-1:00pm
Track: Data Forensics / Incident Response
Session Type: Arsenal

Black Hat USA is the world's leading information security event, providing attendees with the very latest security research, development and trends.


The program can download the following content from a remote Windows machine:

  • Windows Event Logs in evt and evtx format,
  • memory dump,
  • specified files, with support for wildcard expansion (*, ?),
  • output of commands specified in a text file,
  • registry,
  • state of firewall,
  • state of network interfaces,
  • logged on users,
  • running processes,
  • active network connections.

When targeting a remote Linux machine, the program will download:

  • content of the /var/log/ directory,
  • specified files, with support for wildcard expansion (*, ?),
  • output of commands specified in a text file,
  • state of firewall,
  • state of network interfaces,
  • logged on users,
  • running processes,
  • active network connections.

Gargamel supports 5 connection methods, namely PowerShell remoting, WMI, PsExec, RDP and SSH (with SCP).

 
