nightHawkResponse – Incident Response Framework
nightHawkResponse is a custom-built application for asynchronous forensic data presentation on an Elasticsearch backend. It is designed to ingest Mandiant Redline "collections" files and give flexibility in searching, stacking and tagging the results. The application was born out of the inability to manage multiple investigations (or hundreds of endpoints) in a single pane of glass.
Redline is a free endpoint security tool that lets users identify malicious or suspicious activity on a host. It collects running processes, drivers, file system metadata, event logs, network information, services and web history, which is useful when scoping an incident in full. Combining Redline with nightHawkResponse makes the data collected across a distributed network faster and easier to visualize.
Some of the features of this framework:
- Single view endpoint forensics (multiple audit types).
- Global search.
- Timelining.
- Stacking.
- Tagging.
- Interactive process tree view.
- Multiple file upload & Named investigations.
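As an added illustration (not nightHawkResponse's own code, and not real Redline output), the following Python sketches three of the features above over a constructed, simplified process audit: a process tree built from pid/parentpid, stacking of (name, path) pairs across endpoints so that rare entries stand out, and a merged timeline across hosts. The element names used here (itemList, ProcessItem, pid, parentpid, name, path, startTime) only approximate the Redline audit XML and should be treated as assumptions; the two sample hosts and their process listings are constructed for the example.

```python
"""Added example, not part of nightHawkResponse: process tree, stacking and
timelining over a constructed, Redline-like process audit."""
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed sample audits for two hypothetical endpoints. The layout only
# approximates a Redline w32processes-memory audit; it is not a real collection.
# HOST-A additionally runs an svchost.exe from a user-writable path.
SAMPLE_AUDITS = {
    "HOST-A": r"""<itemList generator="w32processes-memory">
  <ProcessItem uid="1"><pid>4</pid><parentpid>0</parentpid><name>System</name><path></path><startTime>2016-03-01T08:00:00Z</startTime></ProcessItem>
  <ProcessItem uid="2"><pid>300</pid><parentpid>4</parentpid><name>smss.exe</name><path>C:\Windows\System32\smss.exe</path><startTime>2016-03-01T08:00:02Z</startTime></ProcessItem>
  <ProcessItem uid="3"><pid>400</pid><parentpid>300</parentpid><name>winlogon.exe</name><path>C:\Windows\System32\winlogon.exe</path><startTime>2016-03-01T08:00:05Z</startTime></ProcessItem>
  <ProcessItem uid="4"><pid>1000</pid><parentpid>400</parentpid><name>explorer.exe</name><path>C:\Windows\explorer.exe</path><startTime>2016-03-01T08:01:00Z</startTime></ProcessItem>
  <ProcessItem uid="5"><pid>1200</pid><parentpid>1000</parentpid><name>cmd.exe</name><path>C:\Windows\System32\cmd.exe</path><startTime>2016-03-01T09:15:00Z</startTime></ProcessItem>
  <ProcessItem uid="6"><pid>1300</pid><parentpid>1200</parentpid><name>svchost.exe</name><path>C:\Users\Public\svchost.exe</path><startTime>2016-03-01T09:15:03Z</startTime></ProcessItem>
</itemList>""",
    "HOST-B": r"""<itemList generator="w32processes-memory">
  <ProcessItem uid="1"><pid>4</pid><parentpid>0</parentpid><name>System</name><path></path><startTime>2016-03-01T08:00:00Z</startTime></ProcessItem>
  <ProcessItem uid="2"><pid>300</pid><parentpid>4</parentpid><name>smss.exe</name><path>C:\Windows\System32\smss.exe</path><startTime>2016-03-01T08:00:02Z</startTime></ProcessItem>
  <ProcessItem uid="3"><pid>400</pid><parentpid>300</parentpid><name>winlogon.exe</name><path>C:\Windows\System32\winlogon.exe</path><startTime>2016-03-01T08:00:05Z</startTime></ProcessItem>
  <ProcessItem uid="4"><pid>1000</pid><parentpid>400</parentpid><name>explorer.exe</name><path>C:\Windows\explorer.exe</path><startTime>2016-03-01T08:01:00Z</startTime></ProcessItem>
  <ProcessItem uid="5"><pid>1200</pid><parentpid>1000</parentpid><name>cmd.exe</name><path>C:\Windows\System32\cmd.exe</path><startTime>2016-03-01T09:15:00Z</startTime></ProcessItem>
</itemList>""",
}


def _text(item, tag):
    """Child element text, or '' when the element is missing or empty."""
    node = item.find(tag)
    return (node.text or "").strip() if node is not None else ""


def parse_process_audit(xml_text):
    """Return one dict per ProcessItem in the (assumed) audit layout."""
    root = ET.fromstring(xml_text)
    return [{
        "pid": int(_text(item, "pid")),
        "parentpid": int(_text(item, "parentpid")),
        "name": _text(item, "name"),
        "path": _text(item, "path"),
        "start_time": _text(item, "startTime"),
    } for item in root.iter("ProcessItem")]


def build_process_tree(procs):
    """Return (by_pid, children, roots). A process whose parent is not in the
    audit (exited parent, or pid 0) becomes a root rather than being dropped."""
    by_pid = {p["pid"]: p for p in procs}
    children = defaultdict(list)
    roots = []
    for p in procs:
        if p["parentpid"] in by_pid and p["parentpid"] != p["pid"]:
            children[p["parentpid"]].append(p["pid"])
        else:
            roots.append(p["pid"])
    return by_pid, children, roots


def render_tree(procs):
    """Indented 'name (pid)' lines, depth-first. Pids unreachable from any
    root (a parentpid cycle from pid reuse) are listed at the end, not lost."""
    by_pid, children, roots = build_process_tree(procs)
    lines, seen = [], set()

    def walk(pid, depth):
        if pid in seen:
            return
        seen.add(pid)
        lines.append("  " * depth + f"{by_pid[pid]['name']} ({pid})")
        for child in sorted(children[pid]):
            walk(child, depth + 1)

    for root in sorted(roots):
        walk(root, 0)
    for pid in sorted(set(by_pid) - seen):
        lines.append(f"{by_pid[pid]['name']} ({pid}) [unreachable: parentpid cycle]")
    return lines


def stack_processes(audits):
    """Stacking: count, per (name, lower-cased path), the number of distinct
    hosts the pair appears on. Pairs seen on few hosts deserve a closer look."""
    host_counts = Counter()
    for xml_text in audits.values():
        pairs = {(p["name"], p["path"].lower()) for p in parse_process_audit(xml_text)}
        host_counts.update(pairs)  # a set, so each host counts at most once
    return host_counts


def outliers(audits, max_hosts=1):
    """(name, path) pairs present on at most max_hosts endpoints."""
    return sorted(pair for pair, n in stack_processes(audits).items() if n <= max_hosts)


def timeline(audits):
    """Merge process start times from every endpoint into one ordered list of
    (start_time, host, name, pid); ISO-8601 UTC strings sort lexicographically."""
    events = []
    for host, xml_text in audits.items():
        for p in parse_process_audit(xml_text):
            events.append((p["start_time"], host, p["name"], p["pid"]))
    return sorted(events)


if __name__ == "__main__":
    print("\n".join(render_tree(parse_process_audit(SAMPLE_AUDITS["HOST-A"]))))
    print("outliers:", outliers(SAMPLE_AUDITS))
    for event in timeline(SAMPLE_AUDITS):
        print(*event)
```

Stacking keys on the lower-cased path as well as the name, which is what makes the masquerading svchost.exe under C:\Users\Public stand out even though the name itself is common on every host.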

You can read more about the framework and download it here: https://github.com/biggiesmallsAG/