New DS4N6 Library v0.8.1 Released!

We are very excited to announce the new version of the Data Science Forensic library (ds4n6_lib), better known as CHRYSALIS. It has been a while since we presented the first version of the ds4n6 library at the SANS DFIR Summit '20. Today we are presenting the eighth version of the library (CHRYSALIS v0.8.1). Our mission is to bring Data Science & Artificial Intelligence to the fingertips of the average forensicator and promote advances in the field.

What is new?

For the first time in the project, we present the possibility of processing graph data with Machine Learning (ML). Graph analysis is a powerful weapon in DFIR investigations, e.g., for detecting Lateral Movement (LM). However, when training ML models with DFIR artifacts, the data are usually processed in a table format in which the inputs (rows) are independent of each other. CHRYSALIS' new graph analysis functions allow us to extract more complex patterns when processing our DFIR datasets.

Using only two functions, you will be able to detect malicious lateral movements in your network in a matter of minutes:

  • build_lm_dataset(): by using this function you will build a dataset with all lateral movements made by the users. All you need to do is to provide a dataset with all log events and CHRYSALIS will do the job for you.
  • find_lm_anomalies(): after creating the LM dataset, just run this function to find the top anomalous lateral movements in your network. As output, you will get suspicious activity dates, user names and hosts for further investigation.

Learn more about these functions here.
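
To illustrate the idea behind the two steps above (turn logon events into graph edges, then rank the unusual ones), here is an added example that is not ds4n6_lib code and does not use its API. The function names, the event tuple layout and the novelty score (a count of never-seen pairings standing in for an ML model) are assumptions, and the events are constructed.

```python
from datetime import datetime

# Constructed logon events (not real data): (timestamp, user, source host, destination host).
EVENTS = [
    ("2023-04-03T09:01:00", "alice", "WS01", "FILE01"),
    ("2023-04-03T09:05:00", "bob", "WS02", "FILE01"),
    ("2023-04-04T10:15:00", "svc_backup", "BKP01", "FILE01"),
    ("2023-04-04T10:16:00", "svc_backup", "BKP01", "DC01"),
    ("2023-04-05T09:04:00", "alice", "WS01", "WS01"),       # local logon, dropped below
    ("2023-04-06T02:41:00", "svc_backup", "WS02", "DC01"),  # known account, new path
    ("2023-04-06T02:47:00", "alice", "WS02", "DC01"),       # nothing about this edge is known
    ("2023-04-06T09:02:00", "alice", "WS01", "FILE01"),     # routine
]


def build_lm_edges(events):
    """Keep remote logons only and return them as graph edges, oldest first."""
    edges = [
        {"time": datetime.fromisoformat(ts), "user": user, "src": src, "dst": dst}
        for ts, user, src, dst in events
        if src != dst  # a logon from a host to itself is not lateral movement
    ]
    return sorted(edges, key=lambda e: e["time"])


def rank_new_edges(edges, split, top_n=5):
    """Score edges at or after `split` by how many of their pairings the baseline never saw."""
    pairings = (("user", "dst"), ("src", "dst"), ("user", "src"))
    baseline = {
        (a, b, e[a], e[b]) for e in edges if e["time"] < split for a, b in pairings
    }
    scored = []
    for e in edges:
        if e["time"] < split:
            continue
        score = sum((a, b, e[a], e[b]) not in baseline for a, b in pairings)
        if score:
            scored.append((score, e["time"].isoformat(), e["user"], e["src"], e["dst"]))
    # Highest score first; ties keep chronological order.
    return sorted(scored, key=lambda r: (-r[0], r[1]))[:top_n]


if __name__ == "__main__":
    for row in rank_new_edges(build_lm_edges(EVENTS), datetime(2023, 4, 6)):
        print(row)
```

Each of the flagged logons looks ordinary as an isolated table row; only the relationship between account, source and destination, compared with earlier edges, makes them stand out.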

If you still do not believe how easy it is to use CHRYSALIS, you can take a look at the demos presented at RSAC23 in the talk Hunting Stealth Adversaries with Graphs & AI. In the presentation, using these two functions of the ds4n6_lib, we detected a stealth adversary moving through the network in a real-case incident.

If you are not familiar with what the DS4N6 Library is or how it can help you, please check the blog post What is the DS4N6 Library (ds4n6_lib)? by Jess Garcia.

For further information, check the Documentation section and stay tuned for the latest blog posts of the project.

May the ds4n6 be with you!