mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-06 21:00:22 +00:00
added malware scanner doc template
parent
ef61a98701
commit
e4fb10458f
57
docs/doxygen-user/ct_malware_scanner.dox
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
/*! \page ct_malware_scanner_page Cyber Triage Malware Scanner Module
|
||||||
|
|
||||||
|
[TOC]
|
||||||
|
|
||||||
|
What Does It Do
|
||||||
|
========
|
||||||
|
|
||||||
|
The Cyber Triage Malware Scanner module will use the malware scanning infrastructure from Cyber Triage to identify if any Windows executables are malware. It will query an online service using the file's hash value to see if the file was already analyzed and allows you to upload files for analysis if they are new.
|
||||||
|
|
||||||
|
This module requires a commercial license from Cyber Triage.
|
||||||
|
|
||||||
|
For more information on obtaining a license, refer to [CyberTriage.com](https://cybertriage.com/autopsy-malware-module). The remainder of this page is about the use of the module once it is licensed.
|
||||||
|
|
||||||
|
|
||||||
|
Configuration
|
||||||
|
=======
|
||||||
|
|
||||||
|
Once you have a license, you must add it on the Options panel. Choose the 'Cyber Triage' tab and choose 'Add License'.
|
||||||
|
|
||||||
|
|
||||||
|
IMAGE
|
||||||
|
|
||||||
|
After you enter the license number that you should have received from your email, you will then need to review and agree to the license terms.
|
||||||
|
|
||||||
|
|
||||||
|
The options panel should now display information about the lookup limits. You can always refer back to here about what your limits are and when they reset.
|
||||||
|
|
||||||
|
IMAGE
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Using the Module
|
||||||
|
======
|
||||||
|
|
||||||
|
Ingest Settings
|
||||||
|
------
|
||||||
|
|
||||||
|
For each data source, you select if you want files to be uploaded if they have not already been analyzed. By default, they are uploaded. You can choose to not upload them though.
|
||||||
|
|
||||||
|
IMAGE
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Out of Scans
|
||||||
|
-------
|
||||||
|
|
||||||
|
If you go beyond your limits, you will get a dialog that not all files were analyzed. You can wait until your limits reset and then start ingest again with only the malware scanning module enabled. It will ignore the files that are already analyzed.
|
||||||
|
|
||||||
|
|
||||||
|
Seeing Results
|
||||||
|
------
|
||||||
|
|
||||||
|
Once ingest has completed, the files with malware will be listed in the Malware node in the tree.
|
||||||
|
|
||||||
|
IMAGE
|
||||||
|
|
||||||
|
*/
|
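Review bot: The upload default is only mentioned in passing under "Ingest Settings" ("By default, they are uploaded"), although sending files from a data source to an online service is the behaviour an examiner most needs to know about before enabling this module. Suggest stating in "What Does It Do" exactly what leaves the machine in each mode (the hash for the lookup, the file itself for the upload) and whether the hash lookup still runs when upload is turned off, and repeating the default next to the ingest settings screenshot. The four bare `IMAGE` lines are placeholders and should become real image references, or be dropped, before this page is published.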
@ -58,6 +58,7 @@ The following topics are available here:
|
|||||||
- \subpage ileapp_page
|
- \subpage ileapp_page
|
||||||
- \subpage aleapp_page
|
- \subpage aleapp_page
|
||||||
- \subpage yara_page
|
- \subpage yara_page
|
||||||
|
- \subpage ct_malware_scanner_page
|
||||||
|
|
||||||
- Reviewing the Results
|
- Reviewing the Results
|
||||||
- \subpage uilayout_page
|
- \subpage uilayout_page
|
||||||
|