(pronounced “SKAHD-ee”) is a giantess and goddess of hunting in Norse mythology
Note: Skadi was formerly known as CCF-VM

Download Latest Release

Click Here For Latest Release

How to Get Started and Support

Skadi Wiki Page

The answers to common questions and information about how to get started with Skadi is stored in the Skadi Wiki Pages.

Skadi Community

There is a Slack community setup for developers and users of the Skadi ecosystem. It is a safe place to ask questions and share information.

Join the Skadi Community Slack

Version 2018.4 is Back and Better Than Ever

• Now includes CyberChef
• Now uses ELK 6.x
• TimeSketch and Nginx configurations updated to now support larger Uploads
• TimeSketch was built from Master branch instead of pypi release in order to be compatible with ELK 6.x
• Updated Digitally Signed Installer
• Updated Packer and Vagrant build scripts
• Updated /opt/skadi/update.sh to download and install the new version of CyLR 2.0
• Added /opt/skadi/healthcheck.sh to aid in diagnostics

Purpose

Skadi is a free, open source collection of tools that enables the collection, processing and advanced analysis of forensic artifacts and images. It scales to work effectively on laptops, desktops, servers, the cloud, and can be installed on top of hardened / gold disk images.

Included Tools

The following tools are combined into one platform that all work together to provide everyone with the ability to collect data, convert the bits and bytes to words and numbers, and analyse the results quickly and easily. All of this enables the ability to rapidly hunt for host based evidence of a malicious activities.

• Plaso
• CDQR
• CyLR
• CyberChef
• Docker
• ElasticSearch, Logstash, Kibana (ELK)
• Redis
• Neo4j
• Celery
• Cerebro

Skadi Add-on Packs

Skadi add-on packs are installed on top of the base Skadi VM to provide extra functionality

• Skadi Pack 01: Automation: Provides two methods of integrating with any Automation tool: gRPC API or using SSH
• Skadi Pack 02: Secure Networking: Updates the firewall and authenticated reverse proxy for use in network deployment. Provides instructions for obtaining TLS/SSL certificates

Kibana, TimeSketch, Cerebro Included

11 New Kibana Dashboards

TimeSketch

Skadi Desktop (NEW!)

Videos and Media

• Alamo ISSA 2018 Slides: Reviews CCF-VM components, walkthrough of how to install GCP version and discuss automation possibilities and risks
• SANS DFIR Summit 2017 Video: A talk about using CCF-VM for Digital Forensics and Incident Response (DFIR)
• ISC2 Security Congress 2017 Slides: Another talk about using CCF-VM for Digital Forensics and Incident Response (DFIR)
• DEFCON 25 4-hour Workshop 2017 Slides: Free and Easy DFIR Triage for Everyone
• OSDFCON 2017 Slides: Walk-through different techniques that are required to provide forensics results for Windows and *nix environments (Including CyLR and CDQR)

Thank you to everyone who has helped, and those that continue to, making this project a reality.

Special Thanks to:

• The team from Komand for their advice and support on all things Automation
• Jackie & Jason from @SpyglassSec for their guidance
• Every single one of the contributors who's efforts made the automation Addon Pack possible

CREATOR

• Alan Orlikoski