Core features: Collects volatile and file system data Analyzes memory images using Volatility Generates HTML and CybOX reports. Related 3.10 adds Linux, Domain Controllers, and Fuzzy Malware Scanning for DFIR How To Investigate Endpoints with Cyber Triage and Windows Defender DFIR Next Steps: What to do after you find a suspicious Windows Network Logon Session Windows Scheduled Tasks for DFIR Investigations