Introducing Cado Host — A free tool to collect forensic artefacts from compromised systems

Last week we released Cado Live, a free tool to acquire disk images to cloud storage.

Forensic Labs
2 min read · Jun 5, 2020

This week, we’ve released another free tool. Cado Host collects forensic artefacts from Windows/Linux/OSX systems (MFT, Logs, etc.) and uploads them directly to cloud storage (AWS/Azure/Google Cloud).

We’ve built a platform to automate incident response and forensics in AWS/Azure/GCP — you can grab a free trial here. You can also download a free playbook we’ve written on how to respond to security incidents in AWS.

It’s now available to download at no cost.

Cado Host supports uploading to Amazon AWS, Microsoft Azure and Google Cloud Storage. It also supports storing captured files locally.

It can collect artefacts from most Windows, Linux and OSX systems.

The full list of artefacts collected is on the site (and we would welcome any suggestions of additional artefacts to collect!). In brief, Cado Host collects:

  • File system artefacts such as the MFT
  • Key log sources such as /var/log on Linux and the Event Logs on Windows
  • A number of other locations recording process execution, anti-virus detections and suspicious user behaviour
