All Lite features plus: Collects over the network Automated malware and suspicious item analysis Correlates with single user’s previous collection to determine how common item is. Related 3.10 adds Linux, Domain Controllers, and Fuzzy Malware Scanning for DFIR How To Investigate Endpoints with Cyber Triage and Windows Defender DFIR Next Steps: What to do after you find a suspicious Windows Network Logon Session Windows Scheduled Tasks for DFIR Investigations