Tools
KoreLogic has published a number of open-source projects. Most are hosted on GitHub, and have a project-specific PGP key for release signing. Some are no longer being actively developed.
| Project | Synopsis | Key |
|---|---|---|
| FTimes | A forensic system baselining, searching, and evidence collection tool. Its primary purpose is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to integrity monitoring, intrusion detection, and forensic analysis. | ftimes-code |
| Giles | A compiler that creates event correlation engines (production systems) represented as a SQL-based Relational Database Management System (RDBMS). | giles-project |
| KLEL | A simple expression language implemented as a library that can be embedded in other programs (e.g., FTimes). | libklel-code |
| MASTIFF | A static analysis framework that automates the process of extracting key characteristics from a number of different file formats and supports malware, intrusion, and forensic analysis. | mastiff-project |
| PathWell | A library and PAM module for measuring and dynamically enforcing password complexity across enterprise users, focusing on the uniqueness of each user password's topology. | pathwell-project |
| WebJob | A secure automation framework that can be used support arbitrary tasks on both UNIX and Windows clients, supporting encrypted and signed jobs and responses, large scale multi-tier deployments, etc. | |
| WMkick | A MITM tool for WMI (135/tcp) and WSMan/WinRM (5985/tcp), used to capture NetNTLMv2 hashes in a Windows network. |