S-RM Releases Free Open-source Digital Forensic Incident Response Tool to Support Cyber Security Community

  • Cybersecurity
  • 10.01.2024 01:45 pm

In the ever-changing landscape of cyber security incident response, response time is vital. S-RM, a leading global cyber security consultancy, is proud to release “Wiskess,” a groundbreaking open-source Digital Forensic Incident Response (DFIR) tool developed by Gavin Hull, Associate Director, Cyber Incident Response at S-RM. The tool will be made available free of charge to the entire cybersecurity sector.

Wiskess: A Game-Changing DFIR Tool 

Wiskess targets a key part of investigations: the processing of endpoint data. Using a six-step pipeline, Wiskess automates the processing of disk images and triage collection artifacts from Windows systems. The tool enables quick and efficient handling of data from cloud-based storage, network drives, and more, streamlining the entire process.

S-RM has successfully employed Wiskess in both small and large-scale incidents, significantly reducing investigation time and providing a standardized approach to data processing. This tool's default configuration covers most Windows artifacts, allowing users flexibility in their approach. 

Wiskess excels in providing flexibility and speed, crucial in investigations where time is a critical factor. Its remote response capabilities eliminate the need for on-site setups, allowing responders to act swiftly in advising local teams or handling incidents at scale. The tool's scalability, particularly with the pre-process component "Whipped by Wiskess," ensures efficient processing of data across multiple machines. 

Wiskess Models and Availability 

Wiskess is currently available in two models: 

  1. PowerShell version – designed for ease of use for developers 
  2. Rust version – designed for better support for parallel processing 

S-RM has chosen to release Wiskess to the wider cybersecurity community to support faster investigations, accurate results, and streamlined workflows. The tool's GitHub repository includes examples of how to run it, along with a video demo showcasing its capabilities. 

Gavin Hull, Associate Director at S-RM, comments:  

“The cyber security sector is built on a foundation of collaboration as much as it is expertise. Releasing Wiskess as an open-source tool that everyone can freely use, develop and contribute to will benefit the sector as a whole and we’re hugely proud to be able to make it available to all.  

“Dealing effectively with a cyber incident relies on speed and flexibility; using Wiskess to process endpoint data will help cyber security teams in the midst of dealing with a crisis, providing a depth of data at the snap of their fingers. We hope the sector joins us in improving Wiskess as a tool for all.”  

Jamie Smith, Board Director and Head of Cyber Security at S-RM, comments:  

“Cyber risk is only set to increase in 2024, so we are delighted to be able to share this tool with the wider cyber security community. At S-RM we are dedicated to working with organisations to fortify their cyber defences and equip them with the resources they need to respond rapidly when an incident does occur. We pride ourselves on getting businesses back on their feet in short order and the Wiskess tool is a game changer in remediation, significantly reducing investigation time through an efficient, standardised approach to data processing.” 
