Incident Response Forensic Framework Overview
The application is designed specifically to present forensic data. It ingests Mandiant Redline collection files and provides flexible search and stacking, with tagging of results. Searches can be structured, unstructured, geo or metric, whichever way you want to query the data.
Elasticsearch exposes the full power of Apache Lucene through simple tools and mechanisms, and it implements more functionality than Apache Lucene alone. Elasticsearch can be described as:
1. A mechanism for storing documents in real time (analogous to database tables in a system such as MySQL).
2. A real-time search and analytics system.
3. A scalable system.
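As an added example, not code from the framework described here: a small Python script that turns a constructed, Redline-like process listing into Elasticsearch bulk-index lines carrying analyst tags, and builds the stacking (terms aggregation) query that makes rare values stand out. The XML layout, index name and host name are assumptions for illustration, not the real Redline schema.

```python
"""Added example: constructed Redline-like XML -> Elasticsearch bulk lines
plus a 'stacking' query. The XML layout is an assumption, not Redline's schema."""
import json
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a process listing; not a real capture.
SAMPLE_XML = """<ProcessList>
  <ProcessItem><name>svchost.exe</name><path>C:\\Windows\\System32\\svchost.exe</path><pid>812</pid></ProcessItem>
  <ProcessItem><name>svchost.exe</name><path>C:\\Windows\\System32\\svchost.exe</path><pid>904</pid></ProcessItem>
  <ProcessItem><name>svchost.exe</name><path>C:\\Users\\Public\\svchost.exe</path><pid>4412</pid></ProcessItem>
</ProcessList>"""


def parse_processes(xml_text, host, tags=()):
    """Yield one flat document per <ProcessItem>, carrying host and analyst tags."""
    root = ET.fromstring(xml_text)
    for item in root.iter("ProcessItem"):
        yield {
            "host": host,
            "name": item.findtext("name"),
            "path": item.findtext("path"),
            "pid": int(item.findtext("pid")),
            "tags": list(tags),
        }


def bulk_lines(docs, index="redline-processes"):
    """Build the newline-delimited body expected by the Elasticsearch _bulk API."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


def stack_query(field="path.keyword", size=50):
    """Terms aggregation ('stacking'): count each distinct value, rarest first."""
    terms = {"field": field, "size": size, "order": {"_count": "asc"}}
    return {"size": 0, "aggs": {"stack": {"terms": terms}}}


def local_stack(docs, field="path"):
    """Same stacking idea computed locally, to check results without a cluster."""
    counts = {}
    for doc in docs:
        counts[doc[field]] = counts.get(doc[field], 0) + 1
    return sorted(counts.items(), key=lambda kv: kv[1])


if __name__ == "__main__":
    docs = list(parse_processes(SAMPLE_XML, "WS-01", tags=["case-42"]))
    print(bulk_lines(docs))
    print(local_stack(docs))  # the lone C:\Users\Public path sorts first
```

The bulk body can be posted as-is to a cluster's `_bulk` endpoint, and `stack_query()` is the JSON body for a search against the resulting index.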
This article describes what Elasticsearch is and how to install it.