What Does It Do
The Malware Scanner Ingest Module uses Cyber Triage Cloud to identify if any executables in a data source are malware based on the executable’s md5 hash.
Configuration
Before using the Malware Scanner Ingest Module, you must register a Cyber Triage Cloud License. A license number can be added by selecting the ‘Options’ menu item from the ‘Tools’ menu, going to the ‘Cyber Triage’ tab, and then clicking ‘Add License’.
The user will then be presented with a dialog to enter your license number. Enter your license number and then press ‘OK’. If your license number is validated, you will be presented with the Cyber Triage End User License Agreement. The window may take a moment to load.
Read through the license agreement, and press ‘Accept’. At that point, your options panel should load with information pertaining to remaining lookups.
Uploading Executable
In the screenshot above, there is the option “Upload executable if executable is unknown.” In the event that an executable has not previously been seen by Cyber Triage Cloud, this option provides the ability to upload the executable for scanning. This option may cause increased processing time in order to upload the file and wait for scanning to complete.
Using the Module
Ingest Settings
Once the module has been configured, the user can utilize the Cyber Triage Malware Scanner ingest module during the ingest process.
If the license has not been properly configured or there are no more lookups on the license, there will be a notification in the lower right corner indicating the error. In that event, no more executables will be provided to the Cyber Triage Cloud for lookup.
Seeing Results
Once ingest has completed, there will be malware results for executables in the lookup.
This module requires a paid subscription
TRY IT FREE
We offer a 7-day free trial of Cyber Triage Malware Scanning for Autopsy.
Start your 7-day trial
BUY A LICENSE
We offer two 1-year subscription plans with weekly or daily limits. Review your options and buy here.
Buy License