- S-RM has chosen to release open-source forensic tool Wiskess to the wider cyber security community to support faster investigations, accurate results, and streamlined workflows
10 January 2024 – LONDON – In the ever-changing landscape of cyber security incident response, response time is vital. S-RM, a leading global cyber security consultancy, is proud to release “Wiskess”, a groundbreaking open-source Digital Forensic Incident Response (DFIR) tool developed by Gavin Hull, Associate Director, Cyber Incident Response at S-RM. The tool will be made available free of charge to the entire cyber security sector.
Wiskess: A Game-Changing DFIR Tool
Wiskess addresses a major breakthrough for investigations – the processing of endpoint data. Leveraging a six-step pipeline, Wiskess automates the processing of disk images and triage collection artefacts from Windows systems. This tool enables quick and efficient handling of data from cloud-based storage, network drives, and more, streamlining the entire process.
S-RM has successfully employed Wiskess in both small and large-scale incidents, significantly reducing investigation time and providing a standardised approach to data processing. This tool's default configuration covers off most Windows artefacts, allowing users flexibility in their approach.
Wiskess excels in providing flexibility and speed, crucial in investigations where time is a critical factor. Its remote response capabilities eliminate the need for on-site setups, allowing responders to act swiftly in advising local teams or handling incidents at scale. The tool's scalability, particularly with the pre-process component "Whipped by Wiskess," ensures efficient processing of data across multiple machines.
Wiskess Models and Availability
Wiskess is currently available in two models:
- PowerShell version – designed for ease of use for developers
- Rust version – designed for better support for parallel processing
S-RM has chosen to release Wiskess to the wider cyber security community to support faster investigations, accurate results, and streamlined workflows. The tool's GitHub repository includes examples of how to run it, along with a video demo showcasing its capabilities.
Gavin Hull, Associate Director at S-RM, comments:
The cyber security sector is built on a foundation of collaboration as much as it is expertise. Releasing Wiskess as an open-source tool that everyone can freely use, develop and contribute to will benefit the sector as a whole and we’re hugely proud to be able to make it available to all.”
Dealing effectively with a cyber incident relies on speed and flexibility; using Wiskess to process endpoint data will help cyber security teams in the midst of dealing with a crisis, providing a depth of data at the snap of their fingers. We hope the sector joins us in improving Wiskess as a tool for all.”
Jamie Smith, Board Director and Global Head of Cyber Security Services at S-RM, comments:
Cyber risk is only set to increase in 2024, so we are delighted to be able to share this tool with the wider cyber security community. At S-RM we are dedicated to working with organisations to fortify their cyber defences and equip them with the resources they need to respond rapidly when an incident does occur. We pride ourselves on getting businesses back on their feet in short order and the Wiskess tool is a game changer in remediation, significantly reducing investigation time through an efficient, standardised approach to data processing.”
For more information about Wiskess, visit: https://www.s-rminform.com/latest-insights/evidence-matters-in-incident-response-how-s-rm-cyber-team-use-their-wiskess
Notes to Editors
Media Enquiries
Tom Stewart-Walvin
Rostrum
t.stewart-walvin@rostrum.agency
+44 (0)7855 689 302
About S-RM
S-RM is a global intelligence and cyber security consultancy with expertise in insurance, cyber security and cyber response. Headquartered in London, S-RM works across nine international offices and advises companies ranging from blue-chip corporates to large financial institutions, and beyond.
To find out more about S-RM, visit www.s-rminform.com
