[Snort-users] Automated File Carving?

Joel Esler jesler at ...1935...
Fri Aug 17 18:48:54 EDT 2012


There is documentation. There's also a ready to go virtual machine set up if you'd like to try.  The mailing lists are active and staffed by the developers.  Development continues on the project. Recently, some of the developers have been working on some other things as well, But it's still very much alive.

We have it running here. It's amazing the things that it will bring to light.  We are going to even start using it in the future to assist the VRT In some of our triage. 

We are aware of several companies that are running it, with phenomenal results. 

--
Joel Esler

On Aug 17, 2012, at 6:09 PM, "Jefferson, Shawn" <Shawn.Jefferson at ...14596....> wrote:

> Hi,
> 
> I've tried Razorback once before, and at that time I couldn't get it to work.  Documentation seemed to be limited (pretty common for opensource software).  At that time I gave up on it as it didn't seem to be "ready for prime time", if you know what I mean.
> 
> I'm willing to give it another shot of course, as it sounded very cool.  Is there some good documentation on how to get it setup?
> 
> -----Original Message-----
> From: Joel Esler [mailto:jesler at ...1935...] 
> Sent: Friday, August 17, 2012 11:23 AM
> To: Marcos Rodriguez
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Automated File Carving?
> 
> On Wed, Aug 08, 2012 at 03:48:22PM -0400, Marcos Rodriguez wrote:
>> On Wed, Aug 8, 2012 at 3:19 PM, Tim Covel <tcovel at ...15149...> wrote:
>> I'm not sure, but I thought (I'm a bit befuddled, so beware when I
>> think!!!!)  that Snort could do this in conjunction with Razorback.
> 
> You are correct.  This is exactly what Razorback was designed for.  Along with a little thing like automated file analysis.
> 
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list