The CyLR tool collects forensic artifacts from hosts with NTFS file systems quickly and securely, while minimizing impact to the host.
The main features are:
- Quick collection (it's really fast)
- Raw file collection process does not use the Windows API
- Collection of key artifacts by default.
- Ability to specify custom targets for collection.
- Acquisition of special and in-use files, including alternate data streams, system files, and hidden files.
- Glob and regular expression patterns are available to specify custom targets.
- Data is collected into a zip file, allowing the user to modify the compression level, set an archive password, and set the file name.
- Specification of an SFTP destination for the file archive.
- CyLR uses .NET Core and runs natively on Windows, Linux, and macOS. Self-contained applications for the following are included in releases for version 2.0 and higher.