Okay, so let's have a look at the IOC Editor.
This is downloadable from FireEye.
When you first start this up, it's going to prompt you for a folder where the IOCs are located.
Now, don't worry: the scan of my local machine didn't actually detect any IOCs,
so I don't have anything to look at here. But I can open an IOC directory,
and I can point it to the folder on the desktop for my root user. You see it tried to look for anything there, but
if it did discover or find an IOC in any operating system folder or an application folder,
this would be populated with that information.
You can see that the columns kind of compressed themselves,
but what I can also do is create a new indicator.
I could pull one from a file if I had one,
but I can create a new one because I know that I've got some information
that indicates something has happened.
It can be given a name and who the author is.
There could be a GUID associated with this, or
interesting data like what type of indicator it is,
and what reference information there is.
And then you can create logical constructions here from
multiple pieces of information, to say this AND this, OR this AND that,
indicates that a compromise has happened, whatever those details might be.
Again, dig into the documentation and you could get a little bit better idea of how to use
these particular tools. So I hope you enjoyed this introduction to some of the tools from FireEye. We
looked at the Redline scanner and saw the IOC Editor.
You need to get to the documentation, as I said, to use some of the more advanced features, like the memory analyzer,
but at least you got an idea of what kind of data can be captured.
And you saw a little bit of information about the interface and how you might dig a little bit deeper
looking for indications of a compromise.
All right, that sums up this module. We'll see you in the next one. Thank you.
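The "this AND this, OR this AND that" logical constructions the IOC Editor builds, as an added example that is not from the video or from FireEye: a constructed indicator written in the nested Indicator/IndicatorItem layout of the OpenIOC 1.0 format (element and attribute names follow that schema as I know it; the hash, file name and service name are made-up sample values), plus a small evaluator of my own that walks the AND/OR tree against a set of observed host artefacts.

```python
import xml.etree.ElementTree as ET
NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed OpenIOC-style sample (values are made up): (md5 AND filename) OR service-name-contains.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001">
<definition>
 <Indicator operator="OR" id="top">
  <Indicator operator="AND" id="file">
   <IndicatorItem id="i1" condition="is">
    <Context document="FileItem" search="FileItem/Md5sum" type="mir"/><Content type="md5">0123456789abcdef0123456789abcdef</Content>
   </IndicatorItem>
   <IndicatorItem id="i2" condition="is">
    <Context document="FileItem" search="FileItem/FileName" type="mir"/><Content type="string">svchost.exe</Content>
   </IndicatorItem>
  </Indicator>
  <IndicatorItem id="i3" condition="contains">
   <Context document="ServiceItem" search="ServiceItem/name" type="mir"/><Content type="string">evilsvc</Content>
  </IndicatorItem>
 </Indicator>
</definition>
</ioc>"""

def _item_matches(item, observed):
    """One IndicatorItem: test its Content against every observed value for that search term."""
    search = item.find("ioc:Context", NS).get("search")
    content = (item.find("ioc:Content", NS).text or "").lower()
    values = [v.lower() for v in observed.get(search, [])]
    condition = item.get("condition", "is")
    if condition == "is":
        return any(v == content for v in values)
    if condition == "contains":
        return any(content in v for v in values)
    raise ValueError(f"unsupported condition: {condition}")

def _indicator_matches(node, observed):
    """Recursive AND/OR over child Indicator and IndicatorItem elements; an empty node never matches."""
    results = []
    for child in node:
        tag = child.tag.split("}")[-1]  # strip the namespace prefix
        if tag == "Indicator":
            results.append(_indicator_matches(child, observed))
        elif tag == "IndicatorItem":
            results.append(_item_matches(child, observed))
    op = node.get("operator", "OR").upper()
    return bool(results) and (all(results) if op == "AND" else any(results))

def ioc_matches(ioc_xml, observed):
    """observed maps a search term (e.g. FileItem/Md5sum) to the list of values seen on the host."""
    definition = ET.fromstring(ioc_xml).find("ioc:definition", NS)
    return any(_indicator_matches(ind, observed) for ind in definition.findall("ioc:Indicator", NS))
```

Feeding the evaluator the artefacts a host scan collected shows which branch of the tree fired; the AND branch needs both the hash and the file name, while the service-name item matches on its own.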