Squid-remote: sistema de análisis forense remoto sobre endpoints

Abstract

[en] In any organization, having control over the endpoints is crucial to avoid, detect and give an effective and immediate response to cyberattacks. However, it is not until a later phase (post-cyberincident) that a thorough forensic analysis can be done and the origin, costs and scope of the incident identified. This second phase is essential for the organization as it serves as a guideline to handle and mitigate similar attacks in the future, as well as a method of evidence collection that can be used against the perpetrators of the attack. This project focuses in the post-incident phase and its goal is to design a remote forensic analysis system that allows the monitoring of diverse information from a remote machine such as the processes running, the network traffic or the devices connected to the machine, among others. To carry out this goal, a webapp, a client and a server have been implemented to execute the functions of control, information recovery and data exchange and processing, respectively.