⚡ Lightning Engineer

Enterprise Forensics & System Repair on a USB Stick

5TB bootable toolkit with web dashboard. Perform professional incident response, malware analysis, and system repair. Air-gapped capable. No licensing fees.

🚀 How It Works

1. Boot from USB

Plug the 5TB Lightning Engineer USB into any x86_64 system and boot from it. Works on desktops, laptops, servers.

2. Auto-Start Dashboard

Web dashboard automatically launches on port 17050. Access from any device on the network.

3. Select Your Mode

Choose System, Security, Windows, or Network tabs based on your task. Real-time status updates.

4. Execute & Document

Run scans, repairs, forensics. All output preserved for evidence and reporting.

🖥️ Web Dashboard (Port 17050)

Real-time control panel accessible from any browser on your network

System | Security | Windows | Network

lightning-engineer
 12:34:56 up 2:15, 1 user, load average: 0.42, 0.38, 0.35
               total        used        free      shared  buff/cache   available
Mem:           1.6Gi       728Mi        95Mi        69Mi       1.0Gi       910Mi

=== ZFS Pools ===
NAME    SIZE  ALLOC   FREE  HEALTH
tank    4.5T   1.2T   3.3T  ONLINE

=== RAID Arrays ===
Personalities : [raid0] [raid1] [raid5] [raid6] [raid10]
md0 : active raid1 sda1[0] sdb1[1]
      1953513472 blocks [2/2] [UU]

Dashboard Tabs

📊 System Tab

  • System Info - Hostname, uptime, load average, memory usage
  • ZFS Pools - Pool status, health, capacity, scrub status
  • RAID Arrays - mdadm status, rebuild progress, drive health
  • Auto-refresh - Updates every 60 seconds automatically

🛡️ Security Tab

  • Suricata IDS - Intrusion detection alerts, threat signatures
  • Fail2Ban - Banned IPs, jail status, attack attempts
  • Connections - Active network connections, suspicious traffic
  • Malware Scan - ClamAV + YARA scanning (button trigger)
  • Login Check - Failed logins, brute force detection

🪟 Windows Tab

  • chntpw - Reset Windows passwords offline
  • ntfs-3g - Mount and access NTFS drives
  • testdisk - Recover lost partitions
  • 7z - Extract compressed files
  • grub-install - Repair boot loaders
  • efibootmgr - Manage UEFI boot entries
  • Drive Detection - Auto-detect attached Windows drives

🌐 Network Tab

  • Network Scan - Discover hosts on local network (nmap)
  • ARP Table - View MAC addresses, detect spoofing
  • Traffic Capture - tcpdump packet capture
  • Wireshark - Deep packet analysis

🔌 REST API Endpoints

Programmatic access for automation and integration

  • GET /api/sys - System info, uptime, memory
  • GET /api/zfs - ZFS pool status and health
  • GET /api/raid - RAID array status
  • GET /api/ids - Suricata IDS alerts
  • GET /api/f2b - Fail2Ban status
  • GET /api/conn - Active connections
  • GET /api/mal - Trigger malware scan
  • GET /api/log - Check login attempts
  • GET /api/drv - Detect attached drives
  • GET /api/netscan - Network discovery scan
  • GET /api/arp - ARP table listing

🪟 Windows 11 Repair Specialists

TPM 2.0 Bypass

Install Windows 11 on hardware that doesn't meet Microsoft's requirements. Registry bypass, modified PE, Rufus-style options.

Microsoft Account Bypass

Create local accounts on Windows 11 Home. Use the OOBE\BYPASSNRO command during setup. No cloud dependency.

Boot Repair

Fix MBR, GPT, BCD, bootmgr. Resolve BOOTMGR missing, 0xc000000e errors, boot loops, blue screens.

Registry Recovery

Offline hive editing: SAM, SYSTEM, SOFTWARE. Reset passwords, remove bad drivers, clear pending updates.

Bad Update Removal

Remove broken Windows updates offline. DISM from Linux, registry cleanup, CBS log analysis.

BitLocker Recovery

Access BitLocker volumes with recovery key. Mount encrypted drives for data recovery.

Forensic Tools Installed

🧠 Memory Forensics

  • Volatility 3 v2.26.2
  • LiME (Linux Memory Extractor)
  • Process tree analysis
  • DLL injection detection
  • Rootkit identification
  • Password hash extraction

💾 Disk Forensics

  • Sleuth Kit v4.12.1
  • Autopsy GUI
  • dc3dd forensic imaging
  • ewf-tools (E01 support)
  • afflib-tools (AFF support)

🔬 Malware Analysis

  • YARA v4.5.4
  • radare2 v5.9.8
  • ClamAV (8M+ signatures)
  • binwalk firmware analysis
  • ssdeep fuzzy hashing

🌐 Network Forensics

  • Wireshark v4.4.7
  • tcpdump v4.99.5
  • Suricata IDS/IPS
  • tshark CLI
  • nmap network scanner

⏱️ Timeline Generation

  • Plaso/log2timeline v20241006
  • Super timeline correlation
  • Windows event log parsing
  • Browser history analysis
  • Registry timestamp extraction

🎯 Endpoint Response

  • Velociraptor v0.75.1
  • VQL query language
  • Artifact collection
  • Multi-system hunting
  • Automated playbooks

📁 File Recovery

  • foremost v1.5.7
  • scalpel carving
  • testdisk/photorec
  • NSRL filtering (119GB)

🔧 System Repair

  • ZFS utilities
  • mdadm RAID tools
  • LVM2
  • GRUB repair
  • chntpw password reset

Cost Comparison

| Capability | Commercial Solution | Annual Cost | Lightning Engineer |
|---|---|---|---|
| Disk Forensics | EnCase / FTK | $3,000 - $5,000/year | ✓ Included |
| Memory Forensics | Volatility Enterprise | $2,000 - $10,000/year | ✓ Included |
| Endpoint Detection | CrowdStrike / Carbon Black | $50 - $150/endpoint/year | ✓ Included |
| Network Forensics | NetworkMiner Pro | $900/year | ✓ Included |
| Timeline Analysis | Splunk / Elastic SIEM | $10,000 - $100,000/year | ✓ Included |
| Malware Analysis | VirusTotal Enterprise | $10,000+/year | ✓ Included |
| TOTAL | | $75,000 - $500,000+/year | One-time purchase |

Technical Specifications

  • Evidence Storage - 5TB
  • Dashboard Port - 17050
  • NSRL Database - 119GB
  • Air-Gapped Capable - 100%
  • Compatible Systems - x86_64
  • Forensic Tools - 24+

| Component | Details |
|---|---|
| Base OS | Ubuntu 25.10 (customized) |
| Boot Method | USB 3.0 bootable (UEFI + Legacy BIOS) |
| Dashboard | Web UI on http://[IP]:17050 |
| Auto-Start | Dashboard launches automatically on boot |
| API | REST endpoints for automation |
| Updates | Tool updates via apt, NSRL quarterly |

Ready to Transform Your Incident Response?

Enterprise forensics capability without the enterprise price tag.

Contact Us for Pricing

Lightning Engineer is part of the Lightning Platform by Schomp Technologies

Lightning Forge | Lightning Continuum | Lightning Bridge | Lightning ITSM

© 2026 Schomp Technologies | richard@schomp.ai