NCC Group has open sourced Dissect, its framework that resets expectations for cyber incident response by analyzing massive volumes of forensic data with unprecedented speed. It enables data acquisition on thousands of systems within hours, regardless of the nature and size of the IT environment to be investigated after an attack.
Fox-IT (part of NCC Group) developed and has used Dissect over the past 10 years as a critical framework in incident response investigations for customers. From today, it is available to the security community as open source software to help advance and accelerate forensic data collection and analysis.
Incident response increasingly involves large, complex and hybrid IT infrastructures that must be carefully examined for so-called Indicators of Compromise (IOCs). At the same time, victims of an attack need to find out as quickly as possible what exactly happened and what actions should be taken in response.
With Dissect, incident responders can collect and prepare large amounts of data for analysis much faster. According to the company, this leads to quicker insights into which parts of an infrastructure have been compromised. In turn, it supports better and more specific decision making about isolating environments, decisions that usually lead to substantial business impact.
The time savings obviously depend on the IT environment in which data must be collected, but Fox-IT's experience in some cases is that data acquisition that previously took two weeks now takes only an hour with Dissect.