Question 1

How to install nightHawk Response on Ubuntu?

Accepted Answer

Use the provided script nhr-setup.sh, but be prepared for potential failures with Elasticsearch index creation and ensure all services like nginx and rabbitmq are running correctly after installation.

Question 2

nightHawk Response vs Autopsy for forensic analysis?

Accepted Answer

nightHawk is optimized for large-scale, asynchronous analysis with Elasticsearch backend from specific file types, while Autopsy is a more general tool for disk forensics with a different focus on local investigation.

Question 3

Can nightHawk handle real-time data ingestion?

Accepted Answer

No, it's designed for asynchronous forensic data presentation from collected files like Redline audits, not for live streaming or real-time endpoint monitoring.

Question 4

How to upload Redline audit files correctly?

Accepted Answer

Zip the specific audit folder from the Redline collector as per the instructions, then use the web interface upload feature with case naming to ensure proper ingestion.

Question 5

What hardware is needed for nightHawk Response?

Accepted Answer

Minimum 20GB storage and sufficient RAM; the README suggests 2GB for testing but recommends more for production, with considerations for CPU and sharding in Elasticsearch.

Question 6

Is there API documentation available?

Accepted Answer

The README states that API documentation is to follow in the Wiki, but it may not be fully documented or accessible in the current version, posing a challenge for integration.

nightHawk

What is nightHawk?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions