Tuesday 5th November, 2013
3:00pm to 3:35pm
Manta Ray builds off of our efforts with TAPEWORM. MantaRay is a suite of Python scripts that perform the same triage steps we introduced in TAPEWORM, including Log2timeline, Volatility, ExifTool, RegRipper, and Bulk_Extractor. Manta Ray will contain additional functionality, including a script that extracts all registry hives from a disk image (overt, deleted, unallocated, shadow volumes), extracts useful information from all hives, and presents this information to users in a single report, as well as a RegRipper-like script that extracts information from .plist files.
Manta Ray will be integrated into the upcoming SIFT 3.0 release, making it easily accessible to any examiner who downloads the SIFT. The goal of this workshop is to demonstrate how the tool works and to walk users through how to interpret the tool's output. Figuring out what to do with the data extracted by Manta Ray is where the true value of the tool becomes apparent, especially when all of the data is viewed in aggregate.