Fibratus is a tool that can capture most of the Windows kernel activity: process/thread creation and termination, context switches, file system I/O, registry, network activity, DLL loading/unloading and much more. The kernel events can be easily streamed to a number of output sinks such as AMQP message brokers, Elasticsearch clusters or the standard output stream. You can use filaments (lightweight Python modules) to extend Fibratus with your own arsenal of tools and so leverage the power of the Python ecosystem.
Download the latest release (Windows installer). The changelog and older releases can be found here.
Alternatively, you can get fibratus from PyPI.
- Install the dependencies:
  - Download and install Python 3.4.
  - Install Visual Studio 2015 (you will only need the Visual C compiler to build the kstreamc extension). Make sure to export the VS100COMNTOOLS environment variable so it points to
  - Get Cython: `pip install "Cython>=0.23.4"` (the requirement specifier is quoted so the shell does not treat `>=` as a redirection).
- Install fibratus via the pip package manager:
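The PyPI route builds the kstreamc extension locally, so a missing prerequisite usually surfaces as a confusing compiler error half-way through `pip install`. The following PowerShell pre-flight check is an added example, not part of the Fibratus README or project; it assumes the `python` and `pip` on PATH belong to the Python 3.4 installation and only verifies that the variable named above is set and points at an existing directory (the directory it should point to is whatever the README specifies; it is not repeated here).

```powershell
# Added example (not from the Fibratus README): verify the build prerequisites
# for installing fibratus from PyPI before running pip.
# Assumption: 'python' and 'pip' on PATH are the Python 3.4 installation.
$ErrorActionPreference = 'Stop'

# 1. Python 3.4 is required by the kstreamc extension build.
$pyVersion = & python -c "import sys; print('%d.%d' % sys.version_info[:2])"
if ($pyVersion -ne '3.4') {
    throw "Python 3.4 is required, but 'python' on PATH reports $pyVersion"
}

# 2. VS100COMNTOOLS must be exported and point to an existing directory,
#    otherwise the Visual C compiler is not found when building kstreamc.
$vsTools = [Environment]::GetEnvironmentVariable('VS100COMNTOOLS')
if (-not $vsTools -or -not (Test-Path $vsTools)) {
    throw "VS100COMNTOOLS is not set or does not point to an existing directory"
}

# 3. Cython >= 0.23.4 (quoted so '>=' is not parsed as a redirection).
& pip install "Cython>=0.23.4"
if ($LASTEXITCODE -ne 0) {
    throw "Cython installation failed (exit code $LASTEXITCODE)"
}

Write-Host "Prerequisites satisfied; fibratus can now be installed with pip."
```

Run it from the same shell session in which you exported VS100COMNTOOLS, since a variable set in another window is not visible here.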
See the wiki.