Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
Gyrfalcon v1.0 User Manual
(U) Table of Contents
1 Introduction
1.1 General Workflow
1.2 Dependencies
1.2.1 Configuration Tool
1.2.2 Gyrfalcon Executable
2 Configuration
2.1 Global Configuration Options
2.2 Per Target Configuration Options
2.2.1 Target Address Specification
2.2.2 Target Collection Behavior
2.2.3 Target Executable
2.3 Saving the Configuration
2.3.1 Example Configuration Archive Contents
2.4 Reconfiguration
3 Gyrfalcon Usage
3.1 Running the Tool
3.2 Error Messages
3.3 Collecting Data
3.4 Reconfiguration
4 Postprocessing
4.1 Introduction
4.2 Decryption
4.3 Analysis
4.4 Advanced Analysis
4.4.1 Explanation
5 Forensic Signature
5.1 Filesystem Artifacts
5.2 In-memory Artifacts
5.3 Network Artifacts
5.4 Logging
January 2013 SECRET//NOFORN
