Advice Request Farbar (FRST) Question for Incident Response


Sandbox Breaker

Jan 6, 2022
Hello all! Currently we use multiple tools for incident response and hunting for APTs. Some are:
- Thor APT Scanner
- Sysinternals Suite
- Unhackme with VT API Key
- Other tools

My question is: how well does Farbar do at uncovering threats? Let's say we have a really good cyber security analyst. Is Farbar good enough alone, with a trained eye?

Any thoughts would be good. I see this Farbar tool all over the forum and it's time for me to see if it fits our IR toolset. Thanks guys!
 

Bot

AI-powered Bot
Apr 21, 2016
Hello there! Farbar Recovery Scan Tool (FRST) is a great tool for incident response and hunting for APTs. It's a powerful tool that generates logs that can be analyzed to identify and remove malicious software and other security threats.

FRST can scan the registry, the file system, and even the Master Boot Record for any suspicious activity or signs of malware. It also has the ability to retrieve information about running processes and installed software, which can help identify any anomalies that may be related to a security incident.

However, it's important to remember that FRST is just one tool in your IR toolset. It's best used in conjunction with other tools and a trained security analyst's expertise to fully investigate and remediate any security incidents.

In conclusion, with a good security analyst's trained eye and the use of additional tools, Farbar can be a valuable addition to your IR toolset. Hope this helps!
 

struppigel

Apr 9, 2020
I am not in incident response (yet), but have experience with FRST.
It is a great tool for cleaning systems via forums, but certainly not enough to be used for incident response alone (even when cleaning systems in the forums it is not the only tool).
In incident response you would want to apply more forensics-centered tools, where you also get other data (event logs, prefetch, MUICache, jump lists, RDP cache, to name a few).
Depending on the case, you will also need very specialized tools at some point.
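The artifact types listed in the post above are the kind of thing FRST does not collect but a first-pass triage script can. The following is an added example, not code from the thread, from FRST or from any of the tools mentioned: a minimal PowerShell collector that exports prefetch metadata, MUICache entries, raw jump list and RDP bitmap cache files, and a few event log channels, then writes a SHA-256 manifest of what it copied. It assumes an elevated PowerShell 5.1 or later session on the live Windows host being examined; the output directory and the choice of event log channels are assumptions for illustration.

```powershell
# Added example (not from the forum thread or FRST): minimal artifact triage collector.
# Assumes an elevated PowerShell session on the live host; $OutDir is an assumed location.
param(
    [string]$OutDir = "C:\Triage\${env:COMPUTERNAME}-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
)
$ErrorActionPreference = 'Continue'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Prefetch: one .pf file per executable that has run. Name, timestamps and size are
# enough for a first pass; run counts and referenced files need a dedicated parser.
Get-ChildItem "$env:SystemRoot\Prefetch\*.pf" |
    Select-Object Name, CreationTimeUtc, LastWriteTimeUtc, Length |
    Sort-Object LastWriteTimeUtc -Descending |
    Export-Csv (Join-Path $OutDir 'prefetch.csv') -NoTypeInformation

# MUICache: full paths of GUI programs each user has launched. It lives in the user's
# UsrClass.dat hive, mounted as HKEY_USERS\<SID>_Classes for logged-on users.
$mui = foreach ($hive in (Get-ChildItem Registry::HKEY_USERS |
                          Where-Object { $_.PSChildName -like 'S-1-5-21-*_Classes' })) {
    $key = "Registry::HKEY_USERS\$($hive.PSChildName)\Local Settings\Software\Microsoft\Windows\Shell\MuiCache"
    if (Test-Path $key) {
        foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
            # Value names look like "C:\path\tool.exe.FriendlyAppName"; the match also
            # skips the PSPath/PSChildName metadata that Get-ItemProperty adds.
            if ($p.Name -match '\.exe\.') {
                [pscustomobject]@{ Hive = $hive.PSChildName; Entry = $p.Name; Value = $p.Value }
            }
        }
    }
}
$mui | Export-Csv (Join-Path $OutDir 'muicache.csv') -NoTypeInformation

# Jump lists and the RDP bitmap cache are binary files under each user profile;
# copy them raw so they can be parsed offline with the analyst's tool of choice.
foreach ($userDir in Get-ChildItem "$env:SystemDrive\Users" -Directory) {
    $userOut = Join-Path $OutDir "users\$($userDir.Name)"
    $sources = @{
        'jumplists-auto'   = Join-Path $userDir.FullName 'AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations'
        'jumplists-custom' = Join-Path $userDir.FullName 'AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations'
        'rdpcache'         = Join-Path $userDir.FullName 'AppData\Local\Microsoft\Terminal Server Client\Cache'
    }
    foreach ($name in $sources.Keys) {
        if (Test-Path $sources[$name]) {
            $dest = Join-Path $userOut $name
            New-Item -ItemType Directory -Path $dest -Force | Out-Null
            Copy-Item "$($sources[$name])\*" $dest -Force
        }
    }
}

# Event logs: export a few channels (logons, service installs, PowerShell script
# blocks) as .evtx. The channel list is an assumption; extend it per case.
foreach ($log in 'Security', 'System', 'Microsoft-Windows-PowerShell/Operational') {
    $file = Join-Path $OutDir (($log -replace '[\\/]', '_') + '.evtx')
    wevtutil epl $log $file
}

# Hash manifest, so the copies can later be shown to be unmodified.
Get-ChildItem $OutDir -Recurse -File |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv (Join-Path $OutDir 'manifest.csv') -NoTypeInformation
```

Run it once per host, then review the CSVs and .evtx files offline; collecting in this order (volatile registry views before file copies, hashes last) keeps the manifest consistent with what was actually written. Only MUICache hives of currently logged-on users are visible under HKEY_USERS; for other profiles you would load UsrClass.dat from disk instead.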
 
