We are very excited to announce the new version of the Data Science Forensic library (ds4n6_lib), better known as CHRYSALIS. It has been a while since we presented the first version of the ds4n6 library at the SANS DFIR Summit '20. Today we are presenting the eighth version of the library (CHRYSALIS v0.8.1). Our mission is to bring Data Science & Artificial Intelligence to the fingerprints of the average forensicator and promote advances in the field.
For the first time in the project, we present the possibility of processing graph data with Machine Learning (ML). Graph analysis is a powerful weapon in DFIR investigations, e.g., for detecting Lateral Movement (LM). However, when training ML models with DFIR artifacts, the data are usually processed in a table format in which the inputs (rows) are independent of each other. CRHYSALIS' new graphical analysis functions allow us to extract more complex patterns when processing our DFIR datasets.
Using only two functions, you will be able to detect malicious lateral movements in your network in a matter of minutes:
Learn more about these functions here.
If you still do not believe how easy it is to use CHRYSALIS, you can take a look at the demos presented at RSAC23 in the talk Hunting Stealth Adversaries with Graphs & AI. In the presentation, using these two functions of the ds4n6_lib, we detected a stealth adversary moving through the network in a real-case incident.
May the ds4n6 be with you!