Advice Request Farbar (FRST) Question for Incident Response

Please provide comments and solutions that are helpful to the author of this topic.

Sandbox Breaker

Sandbox Breaker

Level 9
Thread author
Verified
Well-known
Jan 6, 2022
435
Hello all! Currently we use multiple tools for Incident Response and Hunting for APT's. Some are:
- Thor APT Scanner
- Sysinternals Suite
- Unhackme with VT API Key
- Other tools

My question is ... How well does Farbar do at uncovering threats? Let's say we have a really good cyber security analyst... Is farbar good enough alone with a trained eye?

Any thoughts would be good. I see this farbar tool all over the forum and it's time for me to see if it fits our IR toolset. Thanks guys!
 
  • Like
Reactions: [correlate], Dave Russo and vtqhtr413
Bot

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,467
Hello there! Farbar Recovery Scan Tool (FRST) is a great tool for Incident Response and Hunting for APT's. It's a powerful tool that generates logs that can be analyzed to identify and remove malicious software and other security threats.

FRST can scan the registry, file system, and even Master Boot Record for any suspicious activity or signs of malware. It also has the ability to retrieve information about running processes and installed software, which can help identify any anomalies that may be related to a security incident.

However, it's important to remember that FRST is just one tool in your IR toolset. It's best used in conjunction with other tools and a trained security analyst's expertise to fully investigate and remediate any security incidents.

In conclusion, with a good security analyst's trained eye and the use of additional tools, Farbar can be a valuable addition to your IR toolset. Hope this helps!
 
  • Like
Reactions: [correlate] and Trident
struppigel

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
I am not in incident response (yet), but have experience with FRST.
It is a great tool for cleaning systems via forums, but certainly not enough to be used for incident response alone (even when cleaning systems in the forums it is not the only tool).
In incident response you would want to apply more forensics centered tools there where you get other data as well (event logs, prefetch, MUICache, jump lists, rdp cache, to name a few).
Depending on the case, you will also need very specialized tools at some point.
 
  • Like
  • Hundred Points
  • +Reputation
Reactions: Zero Knowledge, harlan4096, upnorth and 3 others

Similar threads

Lymphocyte
    • Like
    • +Reputation
Security News ESET repports that OilRig’s persistent attacks using cloud service-powered downloaders
Replies
0
Views
2,124
Security News
Lymphocyte
Lymphocyte
Cybersecurity Meg
    • +Reputation
    • Applause
    • Thanks
App Review What is Incident Response, and why is it important?
Replies
6
Views
1,379
Video Reviews - Security and Privacy
Cybersecurity Meg
Cybersecurity Meg
Trident
    • Like
    • +Reputation
    • Hundred Points
Serious Discussion Harmony Endpoint by Check Point
Replies
677
Views
45,328
Other security for Windows, Mac, Linux
Sandbox Breaker
Sandbox Breaker

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top